CWE-684Incorrect Provision of Specified Functionality

Abstraction: Class · CVEs in our corpus: 27

The code does not function according to its published specifications, potentially leading to incorrect usage.

When providing functionality to an external party, it is important that the product behaves in accordance with the details specified. When requirements of nuances are not documented, the functionality may produce unintended behaviors for the caller, possibly leading to an exploitable state.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (1)AI

Control	Title	Family	Why it addresses this CWE
`SI-6`	Security and Privacy Function Verification	SI	Periodic checks confirm that specified security and privacy functions are actually provided and operating.

Top CVEs of this weakness type, ranked by Risk Priority

CVE	Risk	CVSS	EPSS	Published
`CVE-2024-50357`	2.0	9.8	0.0019	2024-11-29
`CVE-2024-6425`	1.9	9.1	0.0050	2024-07-01
`CVE-2023-24845`	1.8	9.1	0.0024	2023-08-08
`CVE-2023-5363`	1.8	7.5	0.0487	2023-10-25
`CVE-2023-4258`	1.7	8.6	0.0017	2023-09-25
`CVE-2025-47227`	1.7	7.5	0.0343	2025-07-05
`CVE-2025-58325`	1.6	8.2	0.0002	2025-10-14
`CVE-2025-66384`	1.6	8.2	0.0008	2025-11-28
`CVE-2024-20317`	1.5	7.4	0.0022	2024-09-11
`CVE-2026-30791`	1.5	7.5	0.0002	2026-03-05
`CVE-2026-3598`	1.5	7.5	0.0002	2026-03-05
`CVE-2026-34478`	1.5	7.5	0.0015	2026-04-10
`CVE-2026-42255`	1.4	7.2	0.0004	2026-04-26
`CVE-2023-5158`	1.3	6.5	0.0001	2023-09-25
`CVE-2026-40685`	1.3	6.5	0.0007	2026-04-30
`CVE-2022-23728`	1.2	6.1	0.0002	2022-01-21
`CVE-2026-40684`	1.2	5.9	0.0007	2026-04-30
`CVE-2024-6502`	1.1	5.7	0.0007	2024-08-22
`CVE-2024-5005`	0.9	4.3	0.0009	2024-10-11
`CVE-2025-54567`	0.8	4.2	0.0001	2025-07-25
`CVE-2020-11054`	0.7	3.5	0.0065	2020-05-07
`CVE-2025-54568`	0.7	3.7	0.0006	2025-07-25
`CVE-2026-35379`	0.7	3.3	0.0001	2026-04-22
`CVE-2026-35381`	0.7	3.3	0.0001	2026-04-22
`CVE-2026-44597`	0.7	3.7	0.0002	2026-05-07