- What is CWE-913?
- The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.
- What CVEs are caused by CWE-913?
- 54 recorded CVEs are attributed to CWE-913, including CVE-2025-68613, CVE-2026-47208, CVE-2026-47137. 1 are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- How do you prevent CWE-913?
- For any externally-influenced input, check the input against an allowlist of acceptable values.
- How is CWE-913 detected?
- Fuzzing: Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.
- What are the consequences of CWE-913?
- Exploiting CWE-913 can lead to: Execute Unauthorized Code or Commands, Varies by Context, Alter Execution Logic.
- Is CWE-913 actively exploited?
- Yes. 1 CWE-913 vulnerabilities are in CISA's KEV catalog of actively exploited flaws, out of 54 recorded CVEs.