CWE-698: Execution After Redirect (EAR)
Also known as: Redirect Without Exit
The web application sends a redirect to another location, but instead of exiting, it executes additional code.
Last updated
Overview
CWE-698 (Execution After Redirect (EAR)) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
16 recorded CVEs are caused by CWE-698 (Execution After Redirect (EAR)). The highest-severity and most recent are shown first. 6 new CWE-698 CVEs have been recorded so far in 2026 (3 in 2025).