CWE-673: External Influence of Sphere Definition
The product does not prevent the definition of control spheres from external actors.
Last updated
Overview
Typically, a product defines its control sphere within the code itself, or through configuration by the product's administrator. In some cases, an external party can change the definition of the control sphere. This is typically a resultant weakness.
Real-world CVEs
1 recorded CVEs are caused by CWE-673 (External Influence of Sphere Definition). The highest-severity and most recent are shown first. 0 new CWE-673 CVEs have been recorded so far in 2026 (1 in 2025).
Common consequences
What can happen when CWE-673 is exploited.
Other
Affects: Other
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.