Also known as: Stale file descriptor
The product uses or accesses a file descriptor after it has been closed.
After a file descriptor for a particular file or device has been released, it can be reused. The code might not write to the original file, since the reused file descriptor might reference a different file or device.
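The reuse described above, as an added C example (not taken from the CWE catalog or from this page): the first function writes through an expired descriptor and the data lands in an unrelated file, and the second repeats the sequence after invalidating the variable so the write fails with EBADF. The helper name `close_and_invalidate` and the temporary file names are assumptions made for illustration, and a single-threaded POSIX process is assumed.

```c
#define _XOPEN_SOURCE 700   /* expose mkstemp() under strict -std modes */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: close, then overwrite the variable so later use fails. */
static void close_and_invalidate(int *fd) {
    if (*fd >= 0) close(*fd);
    *fd = -1;
}

/* Bytes stored in the file behind fd (0 means nothing was written to it). */
static long file_size(int fd) { return (long)lseek(fd, 0, SEEK_END); }

/* Returns 1 when a write through the expired descriptor landed in file B. */
int stale_write_hits_other_file(void) {
    char a[] = "/tmp/cwe910_a_XXXXXX", b[] = "/tmp/cwe910_b_XXXXXX"; /* constructed */
    int fd_a = mkstemp(a);
    if (fd_a < 0) return -1;
    close(fd_a);                          /* expired, but fd_a keeps the old number */
    int fd_b = mkstemp(b);                /* lowest free number is handed out again */
    if (fd_b < 0) { unlink(a); return -1; }
    ssize_t n = write(fd_a, "for-A", 5);  /* BUG: use of expired descriptor */
    int hit = (fd_b == fd_a) && n == 5 && file_size(fd_b) == 5;
    close(fd_b); unlink(a); unlink(b);
    return hit;
}

/* Returns 1 when the same sequence fails closed: EBADF, and file B stays empty. */
int invalidated_write_fails_closed(void) {
    char a[] = "/tmp/cwe910_a_XXXXXX", b[] = "/tmp/cwe910_b_XXXXXX"; /* constructed */
    int fd_a = mkstemp(a);
    if (fd_a < 0) return -1;
    close_and_invalidate(&fd_a);          /* fd_a is now -1 */
    int fd_b = mkstemp(b);
    if (fd_b < 0) { unlink(a); return -1; }
    errno = 0;
    ssize_t n = write(fd_a, "for-A", 5);  /* rejected by the kernel */
    int ok = (n == -1 && errno == EBADF && file_size(fd_b) == 0);
    close(fd_b); unlink(a); unlink(b);
    return ok;
}

int main(void) {
    printf("stale write reached other file: %d\n", stale_write_hits_other_file());
    printf("invalidated fd failed closed:   %d\n", invalidated_write_fails_closed());
    return 0;
}
```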
1 recorded CVE is caused by CWE-910 (Use of Expired File Descriptor).
What can happen when CWE-910 is exploited.
Read Files or Directories
Affects: Confidentiality
The program could read data from the wrong file.
DoS: Crash, Exit, or Restart
Affects: Availability
Accessing a file descriptor that has been closed can cause a crash.
Typically introduced during these phases of the software lifecycle.
Languages
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.).
Effectiveness: High
Common questions about CWE-910.
1 recorded CVE is attributed to CWE-910: CVE-2020-13530.
Exploiting CWE-910 can lead to: Read Files or Directories, DoS: Crash, Exit, or Restart.
1 recorded CVE is caused by CWE-910; none are currently in CISA's KEV catalog of actively exploited flaws.
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.