CWE-410: Insufficient Resource Pool
The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.
Last updated
Overview
Frequently the consequence is a "flood" of connection or sessions.
Real-world CVEs
19 recorded CVEs are caused by CWE-410 (Insufficient Resource Pool). The highest-severity and most recent are shown first. 2 new CWE-410 CVEs have been recorded so far in 2026 (6 in 2025).
- CVE-2021-1615
Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability
High · CVSS 8.6 · EPSS 64th2021-09-23 - CVE-2025-41653
Weidmueller: Denial-of-Service Vulnerability in the web server functionality of Industrial Ethernet Switches
High · CVSS 7.5 · EPSS 57th2025-05-27 - CVE-2025-27479
Kerberos Key Distribution Proxy Service Denial of Service Vulnerability
High · CVSS 7.5 · EPSS 97th2025-04-08