CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.
Last updated
Overview
This can lead to resultant weaknesses when the required properties change, such as when the product is ported to a different platform or if an interaction error (CWE-435) occurs.
Real-world CVEs
19 recorded CVEs are caused by CWE-758 (Reliance on Undefined, Unspecified, or Implementation-Defined Behavior). The highest-severity and most recent are shown first. 15 new CWE-758 CVEs have been recorded so far in 2026 (2 in 2025).
- CVE-2026-4705
Undefined behavior in the WebRTC: Signaling component
Critical · CVSS 9.8 · EPSS 34th2026-03-24 - CVE-2026-4724
Undefined behavior in the Audio/Video component
Critical · CVSS 9.1 · EPSS 24th2026-03-24 - CVE-2026-24407
iccDEV has Undefined Behavior in icSigCalcOp()
High · CVSS 8.8 · EPSS 32th2026-01-24