CWE-606: Unchecked Input for Loop Condition
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.
Last updated
Overview
CWE-606 (Unchecked Input for Loop Condition) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
25 recorded CVEs are caused by CWE-606 (Unchecked Input for Loop Condition). The highest-severity and most recent are shown first. 12 new CWE-606 CVEs have been recorded so far in 2026 (5 in 2025).
- CVE-2026-27689
Denial of service (DOS) in SAP Supply Chain Management
High · CVSS 7.7 · EPSS 29th2026-03-10 - CVE-2026-23689
Denial of service (DOS) in SAP Supply Chain Management
High · CVSS 7.7 · EPSS 28th2026-02-10 - CVE-2026-27145
Inefficient candidate hostname parsing in crypto/x509
High · CVSS 7.5 · EPSS 57th2026-06-02