CWE-573: Improper Following of Specification by Caller
The product does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.
Last updated
Overview
When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.
Real-world CVEs
6 recorded CVEs are caused by CWE-573 (Improper Following of Specification by Caller). The highest-severity and most recent are shown first. 3 new CWE-573 CVEs have been recorded so far in 2026 (2 in 2025).
- CVE-2026-41583
ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling
Critical · CVSS 9.3 · EPSS 20th2026-05-08 - CVE-2025-21601
Junos OS: SRX and EX Series, MX240, MX480, MX960, QFX5120 Series: When web management is enabled for specific services an attacker may cause a CPU spike by sending genuine packets to the device
High · CVSS 8.7 · EPSS 32th2025-04-09 - CVE-2026-59998Medium · CVSS 6.5 · EPSS 8th