Base weakness

Incomplete

CWE-708: Incorrect Ownership Assignment

The product assigns an owner to a resource, but the owner is outside of the intended control sphere.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

This may allow the resource to be manipulated by actors outside of the intended control sphere.

Real-world CVEs

20 recorded CVEs are caused by CWE-708 (Incorrect Ownership Assignment). The highest-severity and most recent are shown first. 2 new CWE-708 CVEs have been recorded so far in 2026 (6 in 2025).

CWE-708: Incorrect Ownership Assignment

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Analysis

Illustrative examples

Frequently asked questions

What is CWE-708?

What CVEs are caused by CWE-708?

How do you prevent CWE-708?

How is CWE-708 detected?

What are the consequences of CWE-708?

Is CWE-708 actively exploited?

References

Stay ahead of CWE-708

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Analysis

Illustrative examples

Related weaknesses

Parent

Can also be

Frequently asked questions

What is CWE-708?

What CVEs are caused by CWE-708?

How do you prevent CWE-708?

How is CWE-708 detected?

What are the consequences of CWE-708?

Is CWE-708 actively exploited?

References

Stay ahead of CWE-708