The source code contains comments that do not accurately describe or explain aspects of the portion of the code with which the comment is associated.

What CVEs are caused by CWE-1116?

3 recorded CVEs are attributed to CWE-1116, including CVE-2022-48339, CVE-2022-30351, CVE-2025-1219.

How do you prevent CWE-1116?

Verify that each comment accurately reflects what is intended to happen during execution of the code.

What are the consequences of CWE-1116?

Exploiting CWE-1116 can lead to: Reduce Maintainability, Increase Analytical Complexity.

Is CWE-1116 actively exploited?

3 recorded CVEs are caused by CWE-1116; none are currently in CISA's KEV catalog of actively exploited flaws.

CWE-1116: Inaccurate Source Code Comments

Reduce Maintainability

Affects: Other

This issue makes it more difficult to maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.

Increase Analytical Complexity

Affects: Other

When a comment does not accurately reflect the associated code elements, this can introduce confusion to a reviewer (due to inconsistencies) or make it more difficult and less efficient to validate that the code is implementing the intended behavior correctly.

CWE-1116: Inaccurate Source Code Comments

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

In the following Java example the code performs a calculation to determine how much medicine to administer. A comment is provided to give insight into what the calculation shoud be doing. Unfortunately the comment does not match the actual code and thus leaves the reader to wonder which is correct.

Vulnerable example

java

public static void main(String[] args) {

Safe example

java

public static void main(String[] args) {

CWE-1116: Inaccurate Source Code Comments

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Frequently asked questions

What is CWE-1116?

What CVEs are caused by CWE-1116?

How do you prevent CWE-1116?

What are the consequences of CWE-1116?

Is CWE-1116 actively exploited?

References

Stay ahead of CWE-1116

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Related weaknesses

Parent

Frequently asked questions

What is CWE-1116?

What CVEs are caused by CWE-1116?

How do you prevent CWE-1116?

What are the consequences of CWE-1116?

Is CWE-1116 actively exploited?

References

Stay ahead of CWE-1116