VariantDraft

CWE-688Function Call With Incorrect Variable or Reference as Argument

Category: other

Description

The product calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.

Common consequences· 1

  • Other — Quality Degradation

Potential mitigations· 1

  • [Testing]Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the product. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type.

References

  1. https://cwe.mitre.org/data/definitions/688.html

(incoming)1

TypeTargetConfidenceTier
VulnerabilityCVE-2026-33549cve-2026-335490%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Function Call with Incorrectly Specified Arguments
CWE
Function Call With Incorrect Number of Arguments
CWE
Function Call With Incorrectly Specified Argument Value
CWE
Function Call With Incorrect Argument Type
CWE
Function Call With Incorrect Order of Arguments
CWE
Access of Resource Using Incompatible Type ('Type Confusion')
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.