Base weakness

Incomplete

CWE-821: Incorrect Synchronization

The product utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource.

Last updated May 1, 2026

11

Recorded CVEs

With this primary weakness

0

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

If access to a shared resource is not correctly synchronized, then the resource may not be in a state that is expected by the product. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.

Real-world CVEs

11 recorded CVEs are caused by CWE-821 (Incorrect Synchronization). The highest-severity and most recent are shown first. 1 new CWE-821 CVE has been recorded so far in 2026 (3 in 2025).

CVE-2026-21919

Junos OS and Junos OS Evolved: A high frequency of connecting and disconnecting NETCONF sessions causes management unavailability

High · CVSS 7.1 · EPSS 13th

2026-04-09

CVE-2024-6657

BLE peripheral DoS after few cycles of connect/disconnects

Medium · CVSS 6.5 · EPSS 9th

2024-10-11

CVE-2023-5088

Qemu: improper ide controller reset can lead to mbr overwrite

Medium · CVSS 6.4 · EPSS 14th

2023-11-03

CVE-2024-4278

Incorrect Synchronization in GitLab

Medium · CVSS 5.5 · EPSS 13th

2024-09-26

CVE-2024-5755

Medium · CVSS 5.3 · EPSS 25th

2024-06-27

CVE-2024-58133

Medium · CVSS 4.0 · EPSS 12th

2025-04-06

CVE-2024-58131

Medium · CVSS 4.0 · EPSS 12th

2025-04-06

CVE-2024-58132

Medium · CVSS 4.0 · EPSS 12th

2025-04-06

Common consequences

What can happen when CWE-821 is exploited.

Modify Application Data, Read Application Data, Alter Execution Logic

Affects: Integrity, Confidentiality, Other

How it happens

When it is introduced

Typically introduced during these phases of the software lifecycle.

Implementation

How to detect it

Automated Static Analysis

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

Frequently asked questions

Common questions about CWE-821.

What is CWE-821?

The product utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource.

What CVEs are caused by CWE-821?

11 recorded CVEs are attributed to CWE-821, including CVE-2022-1931, CVE-2024-1739, CVE-2024-1902.

How is CWE-821 detected?

Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

What are the consequences of CWE-821?

Exploiting CWE-821 can lead to: Modify Application Data, Read Application Data, Alter Execution Logic.

Is CWE-821 actively exploited?

11 recorded CVEs are caused by CWE-821; none are currently in CISA's KEV catalog of actively exploited flaws.

References

Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.

Stay ahead of CWE-821

Get alerted the moment a new CWE-821 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.

Start free See pricing

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Related weaknesses

Parent

Child

Frequently asked questions

What is CWE-821?

What CVEs are caused by CWE-821?

How is CWE-821 detected?

What are the consequences of CWE-821?

Is CWE-821 actively exploited?

References

Stay ahead of CWE-821