CWE-506β€”Embedded Malicious Code

PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2026-04-30

Metadata

CWE ID:
CWE-506
Abstraction:
Class
Structure:
Simple
Status:
Incomplete
Release Date:
2006-07-19
Latest Modification Date:
2026-04-30

Weakness Name

Embedded Malicious Code

Description

The product contains code that appears to be malicious in nature.

Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of a product or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.

Common Consequences

Scope:
Confidentiality, Integrity, Availability
Impact:
Execute Unauthorized Code or Commands

Related Weaknesses