CWE-697: Incorrect Comparison
The product compares two entities in a security-relevant context, but the comparison is incorrect.
Last updated
Overview
This Pillar covers several possibilities: the comparison checks one factor incorrectly; the comparison should consider multiple factors, but it does not check at least one of those factors at all; the comparison checks the wrong factor.
Real-world CVEs
64 recorded CVEs are caused by CWE-697 (Incorrect Comparison), including 1 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 10 new CWE-697 CVEs have been recorded so far in 2026 (7 in 2025).