Class · Incomplete

CWE-706: Use of Incorrectly-Resolved Name or Reference

Category: other

Description

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

Common consequences · 1

  • Confidentiality / Integrity — Read Application Data, Modify Application Data

Related CAPEC attack patterns · 4

CAPEC-159, CAPEC-177, CAPEC-48, CAPEC-641

References

  1. https://cwe.mitre.org/data/definitions/706.html

Exploits (incoming) · 4

| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Passing Local Filenames to Functions That Expect a URL (capec-48) | 100% | live |
| AttackPattern | Create files with the same name as files protected with a higher classification (capec-177) | 100% | live |
| AttackPattern | DLL Side-Loading (capec-641) | 100% | live |
| AttackPattern | Redirect Access to Libraries (capec-159) | 100% | live |

(incoming) · 11

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | Apache Tomcat Path Equivalence Vulnerability (cve-2025-24813) | 0% | live |
| Vulnerability | CVE-2025-30849 (cve-2025-30849) | 0% | live |
| Vulnerability | CVE-2025-30870 (cve-2025-30870) | 0% | live |
| Vulnerability | CVE-2025-3941 (cve-2025-3941) | 0% | live |
| Vulnerability | CVE-2025-48136 (cve-2025-48136) | 0% | live |
| Vulnerability | CVE-2025-65474 (cve-2025-65474) | 0% | live |
| Vulnerability | CVE-2026-25890 (cve-2026-25890) | 0% | live |
| Vulnerability | CVE-2026-35039 (cve-2026-35039) | 0% | live |
| Vulnerability | CVE-2026-35666 (cve-2026-35666) | 0% | live |
| Vulnerability | CVE-2026-40912 (cve-2026-40912) | 0% | live |
| KEVEntry | Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability (kev-cve-2020-15505) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Externally Controlled Reference to a Resource in Another Sphere
  • CWE: Improper Control of Resource Identifiers ('Resource Injection')
  • CWE: Exposure of Resource to Wrong Sphere
  • CWE: Incorrect Ownership Assignment
  • CWE: Incorrect Comparison
  • CWE: Improper Validation of Unsafe Equivalence in Input

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.