CWE-668: Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Last updated
Overview
Resources such as files and directories may be inadvertently exposed through mechanisms such as insecure permissions, or when a program accidentally operates on the wrong object. For example, a program may intend that private files can only be provided to a specific user. This effectively defines a control sphere that is intended to prevent attackers from accessing these private files. If the file permissions are insecure, then parties other than the user will be able to access those files. A separate control sphere might effectively require that the user can only access the private files, but not any other files on the system. If the program does not ensure that the user is only requesting private files, then the user might be able to access other files on the system. In either case, the end result is that a resource has been exposed to the wrong party.
Real-world CVEs
187 recorded CVEs are caused by CWE-668 (Exposure of Resource to Wrong Sphere). The highest-severity and most recent are shown first. 41 new CWE-668 CVEs have been recorded so far in 2026 (16 in 2025).
- CVE-2025-2857
Incorrect handle could lead to sandbox escapes
Critical · CVSS 10.0 · EPSS 77th2025-03-27 - CVE-2022-1467Critical · CVSS 9.9 · EPSS 55th2022-05-23
- CVE-2026-45411
vm2: Sandbox Breakout Using Async Generator
Critical · CVSS 9.8 · EPSS 43th2026-05-13 - CVE-2026-44009
vm2: Sandbox Breakout Through Null Proto Exception
Critical · CVSS 9.8 · EPSS 53th2026-05-13 - CVE-2026-44008
vm2: Snabox breakout via `neutralizeArraySpeciesBatch`
Critical · CVSS 9.8 · EPSS 54th2026-05-13 - CVE-2026-20160
Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability
Critical · CVSS 9.8 · EPSS 56th2026-04-01 - CVE-2026-29093
WWBN AVideo: Unauthenticated PHP session store exposed to host network via published memcached port
Critical · CVSS 9.8 · EPSS 39th2026-03-06 - CVE-2024-5660Critical · CVSS 9.8 · EPSS 43th2024-12-10
- CVE-2023-45911Critical · CVSS 9.8 · EPSS 53th2023-10-18
- CVE-2022-48198Critical · CVSS 9.8 · EPSS 61th2023-01-01
- CVE-2022-29247Critical · CVSS 9.8 · EPSS 58th2022-06-13
- CVE-2022-24074Critical · CVSS 9.8 · EPSS 60th2022-03-17
Showing 12 of 187 recorded CWE-668 CVEs. Track new ones as they are published and get AI-written analysis and fixes.
Monitor CWE-668 vulnerabilitiesCommon consequences
What can happen when CWE-668 is exploited.
Read Application Data
Affects: Confidentiality
An adversary that gains access to a resource exposed to a wrong sphere could potentially retrieve private data from that resource, thus breaking the intended confidentiality of that data.
Modify Application Data
Affects: Integrity
An adversary that gains access to a resource exposed to a wrong sphere could potentially modify data held within that resource, thus breaking the intended integrity of that data and causing the system relying on that resource to make unintended decisions.
Varies by Context
Affects: Other
The consequences may vary widely depending on how the product uses the affected resource.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Frequently asked questions
Common questions about CWE-668.
- What is CWE-668?
- The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
- What CVEs are caused by CWE-668?
- 187 recorded CVEs are attributed to CWE-668, including CVE-2025-2857, CVE-2022-1467, CVE-2026-45411.
- What are the consequences of CWE-668?
- Exploiting CWE-668 can lead to: Read Application Data, Modify Application Data, Varies by Context.
- Is CWE-668 actively exploited?
- 187 recorded CVEs are caused by CWE-668; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-668) (opens in a new tab)
- CWE-668 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-668
Get alerted the moment a new CWE-668 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.