CWE-1280: Access Control Check Implemented After Asset is Accessed
A product's hardware-based access control check occurs after the asset has been accessed.
Last updated
Overview
The product implements a hardware-based access control check. The asset should be accessible only after the check is successful. If, however, this operation is not atomic and the asset is accessed before the check is complete, the security of the system may be compromised.
Real-world CVEs
1 recorded CVEs are caused by CWE-1280 (Access Control Check Implemented After Asset is Accessed). The highest-severity and most recent are shown first. 1 new CWE-1280 CVE has been recorded so far in 2026.
Common consequences
What can happen when CWE-1280 is exploited.
Modify Memory, Read Memory, Modify Application Data, Read Application Data, Gain Privileges or Assume Identity, Bypass Protection Mechanism
Affects: Access Control, Confidentiality, Integrity
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Languages
How to prevent it
Practical mitigations for CWE-1280, grouped by where in the lifecycle they apply.
Implement the access control check first. Access should only be given to asset if agent is authorized.
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
Assume that the module foo_bar implements a protected register. The register content is the asset. Only transactions made by user id (indicated by signal usr_id) 0x4 are allowed to modify the register contents. The signal grant_access is used to provide access.
Vulnerable example
if (!rst_n)Safe example
if (!rst_n)Attack patterns
CAPEC attack patterns that exploit this weakness.
Frequently asked questions
Common questions about CWE-1280.
- What is CWE-1280?
- A product's hardware-based access control check occurs after the asset has been accessed.
- What CVEs are caused by CWE-1280?
- 1 recorded CVEs are attributed to CWE-1280, including CVE-2026-3607.
- How do you prevent CWE-1280?
- Implement the access control check first. Access should only be given to asset if agent is authorized.
- What are the consequences of CWE-1280?
- Exploiting CWE-1280 can lead to: Modify Memory, Read Memory, Modify Application Data, Read Application Data, Gain Privileges or Assume Identity, Bypass Protection Mechanism.
- Is CWE-1280 actively exploited?
- 1 recorded CVEs are caused by CWE-1280; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-1280) (opens in a new tab)
- CWE-1280 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1280
Get alerted the moment a new CWE-1280 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.