CWE · MITRE source
CWE-99Improper Control of Resource Identifiers ('Resource Injection')
The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.
A resource injection issue occurs when the following two conditions are met: This may enable an attacker to access or modify otherwise protected system resources.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2019-6545 | 2.6 | 7.5 | 0.1873 | 2019-02-13 |
CVE-2017-5159 | 2.0 | 9.8 | 0.0074 | 2017-02-13 |
CVE-2024-5706 | 2.0 | 8.8 | 0.0387 | 2025-02-19 |
CVE-2025-43491 | 2.0 | 9.8 | 0.0003 | 2025-09-09 |
CVE-2021-22879 | 1.9 | 8.8 | 0.0221 | 2021-04-14 |
CVE-2025-0756 | 1.9 | 9.1 | 0.0166 | 2025-04-16 |
CVE-2024-57971 | 1.8 | 9.1 | 0.0003 | 2025-02-16 |
CVE-2025-2410 | 1.8 | 9.1 | 0.0034 | 2025-05-22 |
CVE-2022-39369 | 1.7 | 8.0 | 0.0099 | 2022-11-01 |
CVE-2023-3517 | 1.7 | 8.5 | 0.0012 | 2023-12-12 |
CVE-2020-5230 | 1.6 | 7.7 | 0.0033 | 2020-01-30 |
CVE-2020-8177 | 1.6 | 7.8 | 0.0002 | 2020-12-14 |
CVE-2021-42360 | 1.5 | 7.6 | 0.0017 | 2021-11-17 |
CVE-2026-3693 | 1.5 | 7.3 | 0.0002 | 2026-03-08 |
CVE-2023-6605 | 1.4 | 7.2 | 0.0009 | 2025-01-06 |
CVE-2016-8615 | 1.3 | 5.3 | 0.0418 | 2018-08-01 |
CVE-2020-6245 | 1.3 | 6.7 | 0.0005 | 2020-05-12 |
CVE-2022-1287 | 1.3 | 6.5 | 0.0034 | 2022-04-09 |
CVE-2022-27670 | 1.3 | 6.5 | 0.0047 | 2022-04-12 |
CVE-2023-2980 | 1.3 | 6.3 | 0.0010 | 2023-05-30 |
CVE-2024-4294 | 1.3 | 6.3 | 0.0011 | 2024-04-27 |
CVE-2024-4817 | 1.3 | 6.3 | 0.0016 | 2024-05-14 |
CVE-2025-1645 | 1.3 | 6.3 | 0.0004 | 2025-02-25 |
CVE-2019-1860 | 1.2 | 5.9 | 0.0027 | 2019-05-16 |
CVE-2022-3774 | 1.1 | 5.4 | 0.0053 | 2022-10-31 |