CWE-1096: Singleton Class Instance Creation without Proper Locking or Synchronization

CWE-1096: Singleton Class Instance Creation without Proper Locking or Synchronization is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product implements a Singleton design pattern but does not use appropriate locking or other synchronization mechanism to ensure that the singleton class is only instantiated once. This issue can prevent the product from running reliably, e.g. by making the instantiation process non-thread-safe and introducing deadlock (CWE-833) or livelock conditions. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.

If exploited, CWE-1096 (Singleton Class Instance Creation without Proper Locking or Synchronization) it can compromise Other, leading to outcomes such as Reduce Reliability.

A CWE (Common Weakness Enumeration) like CWE-1096 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.