CWE-424: Improper Protection of Alternate Path
The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
Last updated
Overview
CWE-424 (Improper Protection of Alternate Path) is a class-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
31 recorded CVEs are caused by CWE-424 (Improper Protection of Alternate Path), including 1 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 5 new CWE-424 CVEs have been recorded so far in 2026 (12 in 2025).