The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
View on MITREAn attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.
Executing untrusted code could compromise the control flow of the program. The untrusted code could execute attacker-controlled commands, read or modify sensitive resources, or prevent the software from functioning correctly for legitimate users.
Encrypt the code with a reliable encryption scheme before transmitting. This will only be a partial solution, since it will not detect DNS spoofing and it will not prevent your code from being modified on the hosting site.
No detection method information available for this CWE.
This example loads an external class from a local subdirectory.
This code does not ensure that the class loaded is the intended one, for example by verifying the class's checksum. An attacker may be able to modify the class file to execute malicious code.
This code includes an external script to get database credentials, then authenticates a user against the database, allowing access to the application.
This code does not verify that the external domain accessed is the intended one. An attacker may somehow cause the external domain name to resolve to an attack server, which would provide the information for a false database. The attacker may then steal the usernames and encrypted passwords from real user login attempts, or simply allow themself to access the application without a real user account.
Chain: router's firmware update procedure uses curl with "-k" (insecure) option that disables certificate validation (CWE-295), allowing adversary-in-the-middle (AITM) compromise with a malicious firmware image (CWE-494).
View DetailsVOIP phone downloads applications from web sites without verifying integrity.
View DetailsCWE-494: Download of Code Without Integrity Check is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.
If exploited, CWE-494 (Download of Code Without Integrity Check) it can compromise Integrity, Availability, Confidentiality and Other, leading to outcomes such as Execute Unauthorized Code or Commands, Alter Execution Logic and Other.
Recommended mitigations for CWE-494 include: Encrypt the code with a reliable encryption scheme before transmitting. This will only be a partial solution, since it will not detect DNS spoofing and it will not prevent your code from being modified on the hosting site.
CWE-494 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-494, including CVE-2019-9534, CVE-2021-22909, CVE-2008-3438, CVE-2008-3324 and CVE-2001-1125. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-494 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.