Log in
The product contains code that is not essential for execution, i.e. makes no state changes and has no side effects that alter data or control flow, such that removal of the code would have no impact to functionality or correctness.
Last updated
Irrelevant code could include dead code, initialization that is not used, empty blocks, code that could be entirely removed due to optimization, etc.
1 recorded CVEs are caused by CWE-1164 (Irrelevant Code). The highest-severity and most recent are shown first. 0 new CWE-1164 CVEs have been recorded so far in 2026 (1 in 2025).
What can happen when CWE-1164 is exploited.
Reduce Reliability
Affects: Other
Reduce Performance
Affects: Other
Typically introduced during these phases of the software lifecycle.
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Illustrative examples from MITRE showing how the weakness appears in code.
The condition for the second if statement is impossible to satisfy. It requires that the variables be non-null. However, on the only path where s can be assigned a non-null value, there is a return statement.
Vulnerable example
String s = null;The following code excerpt assigns to the variable r and then overwrites the value without using it.
Vulnerable example
r = getName();Real CVEs that MITRE cites as examples of this weakness.
Common questions about CWE-1164.
The product contains code that is not essential for execution, i.e. makes no state changes and has no side effects that alter data or control flow, such that removal of the code would have no impact to functionality or correctness.
1 recorded CVEs are attributed to CWE-1164, including CVE-2025-40769.
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Exploiting CWE-1164 can lead to: Reduce Reliability, Reduce Performance.
1 recorded CVEs are caused by CWE-1164; none are currently in CISA's KEV catalog of actively exploited flaws.
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Get alerted the moment a new CWE-1164 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.