CWE-1050: Excessive Platform Resource Consumption within a Loop
The product has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors.
Last updated
Overview
CWE-1050 (Excessive Platform Resource Consumption within a Loop) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
11 recorded CVEs are caused by CWE-1050 (Excessive Platform Resource Consumption within a Loop). The highest-severity and most recent are shown first. 4 new CWE-1050 CVEs have been recorded so far in 2026 (3 in 2025).
- CVE-2026-4634
Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters
High · CVSS 7.5 · EPSS 41th2026-04-02 - CVE-2025-67419High · CVSS 7.5 · EPSS 21th2026-01-05
- CVE-2025-48866
ModSecurity has possible DoS vulnerability in sanitiseArg action
High · CVSS 7.5 · EPSS 52th2025-06-02 - CVE-2025-47947
ModSecurity Has Possible DoS Vulnerability
High · CVSS 7.5 · EPSS 44th2025-05-21 - CVE-2024-4068
Memory Exhaustion in braces
High · CVSS 7.5 · EPSS 71th2024-05-13 - CVE-2023-1390High · CVSS 7.5 · EPSS 91th2023-03-16
- CVE-2021-41039High · CVSS 7.5 · EPSS 66th2021-12-01
- CVE-2019-11254Medium · CVSS 6.5 · EPSS 82th2020-04-01
- CVE-2026-22263
Suricata http1: quadratic complexity in headers parsing over multiple packets
Medium · CVSS 5.3 · EPSS 32th2026-01-27 - CVE-2026-22261
Suricata eve/alert: http1 xff handling can lead to denial of service
Medium · CVSS 5.3 · EPSS 23th2026-01-27 - CVE-2025-32907
Libsoup: denial of service in server when client requests a large amount of overlapping ranges with range header
Medium · CVSS 5.3 · EPSS 47th2025-04-14
Common consequences
What can happen when CWE-1050 is exploited.
DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other), Reduce Performance
Affects: Availability
This issue can make the product perform more slowly. If an attacker can influence the number of iterations in the loop, then this performance problem might allow a denial of service by consuming more platform resources than intended.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Terminology & mappings
Mapped taxonomies
- OMG ASCPEM (ASCPEM-PRF-8)
Frequently asked questions
Common questions about CWE-1050.
- What is CWE-1050?
- The product has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors.
- What CVEs are caused by CWE-1050?
- 11 recorded CVEs are attributed to CWE-1050, including CVE-2026-4634, CVE-2025-67419, CVE-2025-48866.
- What are the consequences of CWE-1050?
- Exploiting CWE-1050 can lead to: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other), Reduce Performance.
- Is CWE-1050 actively exploited?
- 11 recorded CVEs are caused by CWE-1050; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-1050) (opens in a new tab)
- CWE-1050 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1050
Get alerted the moment a new CWE-1050 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.