CWE-386: Symbolic Name not Mapping to Correct Object
A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.
Last updated
Overview
CWE-386 (Symbolic Name not Mapping to Correct Object) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
2 recorded CVEs are caused by CWE-386 (Symbolic Name not Mapping to Correct Object). The highest-severity and most recent are shown first. 1 new CWE-386 CVE has been recorded so far in 2026.
Common consequences
What can happen when CWE-386 is exploited.
Gain Privileges or Assume Identity
Affects: Access Control
The attacker can gain access to otherwise unauthorized resources.
Modify Application Data, Modify Files or Directories, Read Application Data, Read Files or Directories, Other