CWE-683: Function Call With Incorrect Order of Arguments
The product calls a function, procedure, or routine, but the caller specifies the arguments in an incorrect order, leading to resultant weaknesses.
Last updated
Overview
While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers or types of arguments, such as format strings in C. It also can occur in languages or environments that do not enforce strong typing.
Real-world CVEs
5 recorded CVEs are caused by CWE-683 (Function Call With Incorrect Order of Arguments). The highest-severity and most recent are shown first. 2 new CWE-683 CVEs have been recorded so far in 2026 (1 in 2025).
- CVE-2023-32059High · CVSS 7.5 · EPSS 44th2023-05-11
- CVE-2026-32269
Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint
Medium · CVSS 6.3 · EPSS 5th2026-03-12 - CVE-2026-24846
malcontent's archive extraction could write outside extraction directory
Medium · CVSS 5.5 · EPSS 1th2026-01-29