CWE-610: Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Last updated
Overview
CWE-610 (Externally Controlled Reference to a Resource in Another Sphere) is a class-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
68 recorded CVEs are caused by CWE-610 (Externally Controlled Reference to a Resource in Another Sphere), including 1 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 14 new CWE-610 CVEs have been recorded so far in 2026 (14 in 2025).