CWE · MITRE source
CWE-424Improper Protection of Alternate Path
The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (1)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
AC-17 | Remote Access | AC | Documenting requirements and authorizing remote access ensures proper protection of alternate paths. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2024-58136 KEV | 7.3 | 9.0 | 0.5753 | 2025-04-10 |
CVE-2025-48827 | 6.2 | 10.0 | 0.6939 | 2025-05-27 |
CVE-2025-48828 | 6.2 | 9.0 | 0.7368 | 2025-05-27 |
CVE-2024-3459 | 1.7 | 8.4 | 0.0008 | 2024-05-14 |
CVE-2023-52952 | 1.7 | 8.5 | 0.0007 | 2024-10-08 |
CVE-2025-68939 | 1.6 | 8.2 | 0.0002 | 2025-12-26 |
CVE-2024-3460 | 1.5 | 7.4 | 0.0005 | 2024-05-14 |
CVE-2019-18996 | 1.4 | 7.1 | 0.0014 | 2019-12-18 |
CVE-2022-1742 | 1.4 | 6.8 | 0.0005 | 2022-06-24 |
CVE-2023-0629 | 1.4 | 7.1 | 0.0007 | 2023-03-13 |
CVE-2023-5165 | 1.4 | 7.1 | 0.0001 | 2023-09-25 |
CVE-2023-20272 | 1.4 | 6.7 | 0.0030 | 2023-11-21 |
CVE-2021-3793 | 1.3 | 6.5 | 0.0032 | 2021-11-12 |
CVE-2023-46176 | 1.3 | 6.7 | 0.0002 | 2023-11-03 |
CVE-2024-8311 | 1.3 | 6.5 | 0.0004 | 2024-09-12 |
CVE-2025-49162 | 1.3 | 6.4 | 0.0011 | 2025-06-03 |
CVE-2025-49163 | 1.3 | 6.7 | 0.0009 | 2025-06-03 |
CVE-2025-6250 | 1.3 | 6.7 | 0.0003 | 2025-07-28 |
CVE-2024-3927 | 1.1 | 5.3 | 0.0051 | 2024-05-22 |
CVE-2026-4270 | 1.1 | 5.5 | 0.0001 | 2026-03-16 |
CVE-2026-4913 | 1.1 | 5.7 | 0.0011 | 2026-04-14 |
CVE-2025-46654 | 1.0 | 4.9 | 0.0016 | 2025-04-26 |
CVE-2025-46655 | 1.0 | 4.9 | 0.0015 | 2025-04-26 |
CVE-2019-18997 | 0.9 | 4.3 | 0.0040 | 2019-12-18 |
CVE-2022-28782 | 0.9 | 4.6 | 0.0002 | 2022-05-03 |