Class · Draft
CWE-610: Externally Controlled Reference to a Resource in Another Sphere
Category: logic
Description
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Common consequences · 2
- Confidentiality / Integrity — Read Application Data, Modify Application Data: An adversary could read or modify data, depending on how the resource is intended to be used.
- Access Control — Gain Privileges or Assume Identity: An adversary that can supply a reference to an unintended resource can potentially access a resource that they do not have privileges for, thus bypassing existing access control mechanisms.
Related CAPEC attack patterns · 1
References
Exploits (incoming) · 1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | XML Routing Detour Attacks (capec-219) | 100% | live |
Compliance frameworks addressing this (incoming) · 1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | owasp_top10-a10 | 100% | live |
(incoming) · 24
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | Palo Alto Networks PAN-OS File Read Vulnerability (cve-2025-0111) | 0% | live |
| Vulnerability | CVE-2025-10091 (cve-2025-10091) | 0% | live |
| Vulnerability | CVE-2025-10092 (cve-2025-10092) | 0% | live |
| Vulnerability | CVE-2025-10816 (cve-2025-10816) | 0% | live |
| Vulnerability | CVE-2025-11035 (cve-2025-11035) | 0% | live |
| Vulnerability | CVE-2025-11140 (cve-2025-11140) | 0% | live |
| Vulnerability | CVE-2025-11341 (cve-2025-11341) | 0% | live |
| Vulnerability | CVE-2025-22144 (cve-2025-22144) | 0% | live |
| Vulnerability | CVE-2025-3241 (cve-2025-3241) | 0% | live |
| Vulnerability | CVE-2025-5877 (cve-2025-5877) | 0% | live |
| Vulnerability | CVE-2025-6691 (cve-2025-6691) | 0% | live |
| Vulnerability | CVE-2025-7523 (cve-2025-7523) | 0% | live |
| Vulnerability | CVE-2025-7823 (cve-2025-7823) | 0% | live |
| Vulnerability | CVE-2025-7824 (cve-2025-7824) | 0% | live |
| Vulnerability | CVE-2025-9065 (cve-2025-9065) | 0% | live |
| Vulnerability | CVE-2026-0522 (cve-2026-0522) | 0% | live |
| Vulnerability | CVE-2026-30903 (cve-2026-30903) | 0% | live |
| Vulnerability | CVE-2026-3404 (cve-2026-3404) | 0% | live |
| Vulnerability | CVE-2026-34327 (cve-2026-34327) | 0% | live |
| Vulnerability | CVE-2026-45760 (cve-2026-45760) | 0% | live |
| Vulnerability | CVE-2026-47357 (cve-2026-47357) | 0% | live |
| Vulnerability | CVE-2026-47358 (cve-2026-47358) | 0% | live |
| KEVEntry | QNAP Photo Station Externally Controlled Reference Vulnerability (kev-cve-2022-27593) | 0% | live |
| KEVEntry | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (kev-cve-2022-30190) | 0% | live |