CWE-826: Premature Release of Resource During Expected Lifetime

The product releases a resource that is still intended to be used by itself or another actor.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

This weakness focuses on errors in which the product should not release a resource, but performs the release anyway. This is different than a weakness in which the product releases a resource at the appropriate time, but it maintains a reference to the resource, which it later accesses. For this weakness, the resource should still be valid upon the subsequent access. When a product releases a resource that is still being used, it is possible that operations will still be taken on this resource, which may have been repurposed in the meantime, leading to issues similar to CWE-825. Consequences may include denial of service, information exposure, or code execution.

CWE-826: Premature Release of Resource During Expected Lifetime

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Illustrative examples

Frequently asked questions

What is CWE-826?

What CVEs are caused by CWE-826?

How is CWE-826 detected?

What are the consequences of CWE-826?

Is CWE-826 actively exploited?

References

Stay ahead of CWE-826

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Illustrative examples

Related weaknesses

Parent

Can precede

Frequently asked questions

What is CWE-826?

What CVEs are caused by CWE-826?

How is CWE-826 detected?

What are the consequences of CWE-826?

Is CWE-826 actively exploited?

References

Stay ahead of CWE-826