CWE · MITRE source
CWE-407Inefficient Algorithmic Complexity
An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (1)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
SC-5 | Denial-of-service Protection | SC | Addresses inefficient algorithms whose complexity can be exploited for DoS. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2022-36021 | 4.8 | 5.5 | 0.6117 | 2023-03-01 |
CVE-2020-27223 | 3.1 | 5.2 | 0.3382 | 2021-02-26 |
CVE-2016-10396 | 1.6 | 7.5 | 0.0208 | 2017-07-06 |
CVE-2021-33582 | 1.6 | 7.5 | 0.0102 | 2021-09-01 |
CVE-2022-39209 | 1.6 | 7.5 | 0.0183 | 2022-09-15 |
CVE-2023-46136 | 1.6 | 8.0 | 0.0057 | 2023-10-25 |
CVE-2024-23684 | 1.6 | 7.5 | 0.0230 | 2024-01-19 |
CVE-2024-43484 | 1.6 | 7.5 | 0.0121 | 2024-10-08 |
CVE-2024-8233 | 1.6 | 7.5 | 0.0120 | 2024-12-12 |
CVE-2017-11343 | 1.5 | 7.5 | 0.0035 | 2017-07-17 |
CVE-2018-12558 | 1.5 | 7.5 | 0.0053 | 2018-06-20 |
CVE-2019-19331 | 1.5 | 7.5 | 0.0049 | 2019-12-16 |
CVE-2022-22153 | 1.5 | 7.5 | 0.0039 | 2022-01-19 |
CVE-2022-40188 | 1.5 | 7.5 | 0.0046 | 2022-09-23 |
CVE-2022-45061 | 1.5 | 7.5 | 0.0013 | 2022-11-09 |
CVE-2023-38285 | 1.5 | 7.5 | 0.0056 | 2023-07-26 |
CVE-2024-21909 | 1.5 | 7.5 | 0.0047 | 2024-01-03 |
CVE-2023-4408 | 1.5 | 7.5 | 0.0029 | 2024-02-13 |
CVE-2024-43483 | 1.5 | 7.5 | 0.0074 | 2024-10-08 |
CVE-2024-43485 | 1.5 | 7.5 | 0.0074 | 2024-10-08 |
CVE-2024-9631 | 1.5 | 7.5 | 0.0014 | 2025-02-05 |
CVE-2025-27209 | 1.5 | 7.5 | 0.0005 | 2025-07-18 |
CVE-2025-62727 | 1.5 | 7.5 | 0.0040 | 2025-10-28 |
CVE-2025-58187 | 1.5 | 7.5 | 0.0002 | 2025-10-29 |
CVE-2025-64458 | 1.5 | 7.5 | 0.0002 | 2025-11-05 |