The product allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place.

What CVEs are caused by CWE-408?

6 recorded CVEs are attributed to CWE-408, including CVE-2026-41405, CVE-2020-1657, CVE-2026-41374.

What are the consequences of CWE-408?

Exploiting CWE-408 can lead to: DoS: Amplification, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory).

Is CWE-408 actively exploited?

6 recorded CVEs are caused by CWE-408; none are currently in CISA's KEV catalog of actively exploited flaws.

CWE-408: Incorrect Behavior Order: Early Amplification

Medium · CVSS 6.9 · EPSS 24th

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

This function prints the contents of a specified file requested by a user.

Vulnerable example

php

function printFile($username,$filename){

This code first reads a specified file into memory, then prints the file if the user is authorized to see its contents. The read of the file into memory may be resource intensive and is unnecessary if the user is not allowed to see the file anyway.

CWE-408: Incorrect Behavior Order: Early Amplification

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-408?

What CVEs are caused by CWE-408?

What are the consequences of CWE-408?

Is CWE-408 actively exploited?

References

Stay ahead of CWE-408

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Code examples

Illustrative examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-408?

What CVEs are caused by CWE-408?

What are the consequences of CWE-408?

Is CWE-408 actively exploited?

References

Stay ahead of CWE-408