BaseIncomplete
CWE-829Inclusion of Functionality from Untrusted Control Sphere
Category: other
Description
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Common consequences· 1
- Confidentiality / Integrity / Availability — Execute Unauthorized Code or CommandsAn attacker could insert malicious functionality into the program by causing the program to download code that the attacker has placed into the untrusted control sphere, such as a malicious web site. This could enable the injection of malware, information exposure by granting excessive privileges or permissions to the untrusted functionality, DOM-based XSS vulnerabilities, stealing user's cookies, open redirect to malware (CWE-601), etc.
Potential mitigations· 5
- [Architecture and Design]Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
- [Architecture and Design]
- [Architecture and Design]For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
- [Architecture and Design, Operation]
- [Architecture and Design, Operation]Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Related CAPEC attack patterns· 13
References
Exploits (incoming)13
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Serialized Data External Linkingcapec-201 | 100% | live |
| AttackPattern | Root/Jailbreak Detection Evasion via Hookingcapec-660 | 100% | live |
| AttackPattern | Inclusion of Code in Existing Processcapec-640 | 100% | live |
| AttackPattern | Local Execution of Codecapec-549 | 100% | live |
| AttackPattern | Code Inclusioncapec-175 | 100% | live |
| AttackPattern | Install Malicious Extensioncapec-698 | 100% | live |
| AttackPattern | DTD Injectioncapec-228 | 100% | live |
| AttackPattern | Local Code Inclusioncapec-251 | 100% | live |
| AttackPattern | Force Use of Corrupted Filescapec-263 | 100% | live |
| AttackPattern | Repo Jackingcapec-695 | 100% | live |
| AttackPattern | PHP Local File Inclusioncapec-252 | 100% | live |
| AttackPattern | Remote Code Inclusioncapec-253 | 100% | live |
| AttackPattern | Open-Source Library Manipulationcapec-538 | 100% | live |
Compliance frameworks addressing this (incoming)1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | owasp_llm_top10-llm03 | 100% | live |
(incoming)47
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-0982cve-2025-0982 | 0% | live |
| Vulnerability | CVE-2025-11023cve-2025-11023 | 0% | live |
| Vulnerability | CVE-2025-12509cve-2025-12509 | 0% | live |
| Vulnerability | CVE-2025-15612cve-2025-15612 | 0% | live |
| Vulnerability | CVE-2025-20236cve-2025-20236 | 0% | live |
| Vulnerability | CVE-2025-27607cve-2025-27607 | 0% | live |
| Vulnerability | CVE-2025-27668cve-2025-27668 | 0% | live |
| Vulnerability | Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerabilitycve-2025-32463 | 0% | live |
| Vulnerability | CVE-2025-36355cve-2025-36355 | 0% | live |
| Vulnerability | CVE-2025-36727cve-2025-36727 | 0% | live |
| Vulnerability | CVE-2025-39507cve-2025-39507 | 0% | live |
| Vulnerability | CVE-2025-53546cve-2025-53546 | 0% | live |
| Vulnerability | CVE-2025-54135cve-2025-54135 | 0% | live |
| Vulnerability | CVE-2025-59828cve-2025-59828 | 0% | live |
| Vulnerability | CVE-2025-61592cve-2025-61592 | 0% | live |
| Vulnerability | CVE-2025-62726cve-2025-62726 | 0% | live |
| Vulnerability | CVE-2025-64496cve-2025-64496 | 0% | live |
| Vulnerability | CVE-2025-65964cve-2025-65964 | 0% | live |
| Vulnerability | CVE-2025-66022cve-2025-66022 | 0% | live |
| Vulnerability | CVE-2025-67900cve-2025-67900 | 0% | live |
| Vulnerability | CVE-2025-70046cve-2025-70046 | 0% | live |
| Vulnerability | CVE-2025-70974cve-2025-70974 | 0% | live |
| Vulnerability | CVE-2025-8714cve-2025-8714 | 0% | live |
| Vulnerability | CVE-2026-0770cve-2026-0770 | 0% | live |
| Vulnerability | CVE-2026-1699cve-2026-1699 | 0% | live |
| Vulnerability | CVE-2026-22208cve-2026-22208 | 0% | live |
| Vulnerability | CVE-2026-26862cve-2026-26862 | 0% | live |
| Vulnerability | CVE-2026-26974cve-2026-26974 | 0% | live |
| Vulnerability | CVE-2026-27941cve-2026-27941 | 0% | live |
| Vulnerability | CVE-2026-28135cve-2026-28135 | 0% | live |
Showing top 30 of 47 by confidence. Click any target to see the full neighbourhood.
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.