Cyber Posture

CWE · MITRE source

CWE-667Improper Locking

Abstraction: Class · CVEs in our corpus: 654

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Locking is a type of synchronization behavior that ensures that multiple independently-operating processes or threads do not interfere with each other when accessing the same resource. All processes/threads are expected to follow the same steps for locking. If these steps are not followed precisely - or if no locking is done at all - then another process/thread could modify the shared resource in a way that is not visible or predictable to the original process. This can lead to data or memory corruption, denial of service, etc.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (0)AI

Control Title Family Why it addresses this CWE
No NIST controls proposed yet.

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2019-100725.87.50.71302019-06-21
CVE-2021-1782 KEV3.87.00.05882021-04-02
CVE-2025-43510 KEV3.67.80.00302025-12-12
CVE-2004-01742.77.50.19922004-05-04
CVE-2009-26992.17.50.09282009-10-13
CVE-2020-246062.18.60.06342020-08-24
CVE-2018-02282.08.60.04162018-04-19
CVE-2019-58862.09.80.00412019-01-10
CVE-2020-126582.09.80.00572020-12-31
CVE-2020-03031.88.80.00372020-09-17
CVE-2020-156741.88.80.00312020-10-01
CVE-2026-316291.88.80.00032026-04-24
CVE-2002-18501.77.50.02912002-12-31
CVE-2006-22751.77.50.03172006-05-09
CVE-2006-51581.77.50.04042006-10-05
CVE-2020-112841.78.40.00032021-05-07
CVE-2021-16221.78.60.00272021-09-23
CVE-2002-00511.67.80.00832002-04-04
CVE-2009-42721.67.50.01812010-01-27
CVE-2010-42101.67.80.00262010-11-22
CVE-2018-10001271.67.50.01002018-03-13
CVE-2019-20501.67.80.00012019-05-08
CVE-2019-20251.67.80.00192019-06-19
CVE-2019-21741.67.80.00012019-09-05
CVE-2019-104941.68.10.00162019-12-12