CWE-1384: Improper Handling of Physical or Environmental Conditions
The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced.
Last updated
Overview
Hardware products are typically only guaranteed to behave correctly within certain physical limits or environmental conditions. Such products cannot necessarily control the physical or external conditions to which they are subjected. However, the inability to handle such conditions can undermine a product's security. For example, an unexpected physical or environmental condition may cause the flipping of a bit that is used for an authentication decision. This unexpected condition could occur naturally or be induced artificially by an adversary. Physical or environmental conditions of concern are: Atmospheric characteristics: extreme temperature ranges, etc. Interference: electromagnetic interference (EMI), radio frequency interference (RFI), etc. Assorted light sources: white light, ultra-violet light (UV), lasers, infrared (IR), etc. Power variances: under-voltages, over-voltages, under-current, over-current, etc. Clock variances: glitching, overclocking, clock stretching, etc. Component aging and degradation Materials manipulation: focused ion beams (FIB), etc. Exposure to radiation: x-rays, cosmic radiation, etc.
Real-world CVEs
6 recorded CVEs are caused by CWE-1384 (Improper Handling of Physical or Environmental Conditions). The highest-severity and most recent are shown first. 4 new CWE-1384 CVEs have been recorded so far in 2026 (2 in 2025).
- CVE-2026-2760
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component
Critical · CVSS 10.0 · EPSS 32th2026-02-24 - CVE-2026-2759
Incorrect boundary conditions in the Graphics: ImageLib component
Critical · CVSS 9.8 · EPSS 32th2026-02-24 - CVE-2026-2757
Incorrect boundary conditions in the WebRTC: Audio/Video component
Critical · CVSS 9.8 · EPSS 39th2026-02-24 - CVE-2025-52557
Mail-0 Zero Session Hijacking Via Email
High · CVSS 8.6 · EPSS 28th2025-06-21 - CVE-2024-39355Medium · CVSS 5.7 · EPSS 15th2025-02-12
- CVE-2026-49325
Indian Scout Bobber 2025 WCM voltage-based shutdown
Medium · CVSS 4.1 · EPSS 6th2026-05-29
Common consequences
What can happen when CWE-1384 is exploited.
Varies by Context, Unexpected State
Affects: Confidentiality, Integrity, Availability
Consequences of this weakness are highly dependent on the role of affected components within the larger product.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Technologies
How to prevent it
Practical mitigations for CWE-1384, grouped by where in the lifecycle they apply.
In requirements, be specific about expectations for how the product will perform when it exceeds physical and environmental boundary conditions, e.g., by shutting down.
Where possible, include independent components that can detect excess environmental conditions and have the capability to shut down the product.
Where possible, use shielding or other materials that can increase the adversary's workload and reduce the likelihood of being able to successfully trigger a security-related failure.
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
Below is a representative snippet of C code that is part of the secure-boot flow. A signature of the runtime-firmware image is calculated and compared against a golden value. If the signatures match, the bootloader loads runtime firmware. If there is no match, an error halt occurs. If the underlying hardware executing this code does not contain any circuitry or sensors to detect voltage or clock glitches, an attacker might launch a fault-injection attack right when the signature check is happening (at the location marked with the comment), causing a bypass of the signature-checking process.
Safe example
If the underlying hardware detects a voltage or clock glitch, the information can be used to prevent the glitch from being successful.After bypassing secure boot, an attacker can gain access to system assets to which the attacker should not have access.
In 2016, a security researcher, who was also a patient using a pacemaker, was on an airplane when a bit flip occurred in the pacemaker, likely due to the higher prevalence of cosmic radiation at such heights. The pacemaker was designed to account for bit flips and went into a default safe mode, which still forced the patient to go to a hospital to get it reset. The bit flip also inadvertently enabled the researcher to access the crash file, perform reverse engineering, and detect a hard-coded key. [REF-1101]
Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2019-17391 — Lack of anti-glitch protections allows an attacker to launch a physical attack to bypass the secure boot and read protected eFuses.
Frequently asked questions
Common questions about CWE-1384.
- What is CWE-1384?
- The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced.
- What CVEs are caused by CWE-1384?
- 6 recorded CVEs are attributed to CWE-1384, including CVE-2026-2760, CVE-2026-2759, CVE-2026-2757.
- How do you prevent CWE-1384?
- In requirements, be specific about expectations for how the product will perform when it exceeds physical and environmental boundary conditions, e.g., by shutting down.
- What are the consequences of CWE-1384?
- Exploiting CWE-1384 can lead to: Varies by Context, Unexpected State.
- Is CWE-1384 actively exploited?
- 6 recorded CVEs are caused by CWE-1384; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-1384) (opens in a new tab)
- CWE-1384 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1384
Get alerted the moment a new CWE-1384 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.