CWE-480: Use of Incorrect Operator
The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.
Last updated
Overview
These types of errors are generally the result of a typo by the programmer.
Real-world CVEs
5 recorded CVEs are caused by CWE-480 (Use of Incorrect Operator). The highest-severity and most recent are shown first. 3 new CWE-480 CVEs have been recorded so far in 2026 (1 in 2025).
- CVE-2026-15043
DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted = SQL operators on text
Critical · CVSS 9.8 · EPSS 40th2026-07-14 - CVE-2026-43114
netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry
Critical · CVSS 9.4 · EPSS 28th2026-05-06 - CVE-2026-48497
Envoy: Abnormal process termination in DNS UDP filter
High · CVSS 7.5 · EPSS 33th2026-06-26