Class weakness
Incomplete
CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.
Last updated
21
Recorded CVEs
With this primary weakness
0
KEVs
In the CISA KEV catalog
Not rated
Likelihood of exploit
Per MITRE
Class
Abstraction
MITRE classification
Overview
This can lead to resultant weaknesses when the required properties change, such as when the product is ported to a different platform or if an interaction error (CWE-435) occurs.
Real-world CVEs
21 recorded CVEs are caused by CWE-758 (Reliance on Undefined, Unspecified, or Implementation-Defined Behavior). The highest-severity and most recent are shown first. 17 new CWE-758 CVEs have been recorded so far in 2026 (2 in 2025).
- CVE-2026-4705
Undefined behavior in the WebRTC: Signaling component
Critical · CVSS 9.8 · EPSS 33th2026-03-24 - CVE-2026-4724
Undefined behavior in the Audio/Video component
Critical · CVSS 9.1 · EPSS 30th2026-03-24 - CVE-2026-21677
iccDEV has Undefined Behavior in CIccCLUT::Init()
High · CVSS 8.8 · EPSS 22th2026-01-06