Base · Draft

CWE-783: Operator Precedence Logic Error

Category: other

Description

The product uses an expression in which operator precedence causes incorrect logic to be used. While often just a bug, operator precedence logic errors can have serious consequences if they are used in security-critical code, such as making an authentication decision.

Common consequences· 1

  • Confidentiality / Integrity / Availability — Varies by Context, Unexpected State
    The consequences will vary based on the context surrounding the incorrect precedence. In a security decision, integrity or confidentiality are the most likely results. Otherwise, a crash may occur due to the software reaching an unexpected state.

Potential mitigations· 1

  • [Implementation] Regularly wrap sub-expressions in parentheses, especially in security-critical code.
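
The weakness and the parenthesization mitigation, shown side by side in an authorization check. This is an added example, not taken from MITRE or from any product; the role bits and function names are constructed for illustration.

```c
#include <stdio.h>

/* Constructed role bits for this example (not from any real product). */
#define ROLE_GUEST 0x1u
#define ROLE_USER  0x2u
#define ROLE_ADMIN 0x4u

/* The buggy form below is the pattern -Wparentheses (part of -Wall in
 * GCC and Clang) reports; it is silenced here only so the demo builds. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"
/* BUG: != binds tighter than &, so this parses as
 * roles & (ROLE_ADMIN != 0), i.e. roles & 1, which tests ROLE_GUEST. */
int is_admin_buggy(unsigned roles) {
    return roles & ROLE_ADMIN != 0;
}
#pragma GCC diagnostic pop

/* Fixed: the parentheses force the mask test to happen first. */
int is_admin_fixed(unsigned roles) {
    return (roles & ROLE_ADMIN) != 0;
}

int main(void) {
    /* Constructed sample role sets. */
    unsigned samples[] = {
        ROLE_GUEST, ROLE_USER, ROLE_ADMIN, ROLE_USER | ROLE_ADMIN
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("roles=0x%x buggy=%d fixed=%d\n", samples[i],
               is_admin_buggy(samples[i]), is_admin_fixed(samples[i]));
    }
    return 0;
}
```

The buggy check grants admin to a guest-only account and denies it to a real admin, which is why building security-critical code with `-Wall` and treating this warning as an error is a useful complement to the parenthesization habit.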

References

  1. https://cwe.mitre.org/data/definitions/783.html

(incoming)· 2

Type           Target                                                                  Confidence  Tier
Vulnerability  CVE-2026-25233 (cve-2026-25233)                                         0%          live
KEVEntry       Android Pixel Privilege Escalation Vulnerability (kev-cve-2024-32896)   0%          live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Incorrect Regular Expression
  • CWE: Use of Incorrect Operator
  • CWE: Incorrect Comparison
  • CWE: Incorrect Calculation
  • CWE: Incorrect Short Circuit Evaluation
  • CWE: Incorrect Authorization

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.