CWE-628: Function Call with Incorrectly Specified Arguments
The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.
Last updated
Overview
There are multiple ways in which this weakness can be introduced, including: the wrong variable or reference; an incorrect number of arguments; incorrect order of arguments; wrong type of arguments; or wrong value.
Real-world CVEs
3 recorded CVEs are caused by CWE-628 (Function Call with Incorrectly Specified Arguments). The highest-severity and most recent are shown first. 1 new CWE-628 CVE has been recorded so far in 2026.
Common consequences
What can happen when CWE-628 is exploited.