2 vulnerabilities classified as CWE-1108. AI Chinese analysis included.
CWE-1108 represents a structural weakness where software architecture excessively depends on global variables for state management rather than encapsulating data within local scopes. This design flaw typically enables exploitation by allowing attackers to manipulate shared state across unrelated code modules, potentially bypassing security checks or causing unintended side effects through race conditions and unauthorized data modification. Because global variables lack strict access controls, malicious actors can inject harmful values that persist throughout the application’s lifecycle, compromising integrity and confidentiality. To mitigate this risk, developers should adopt modular programming practices, passing data explicitly through function parameters and return values. Implementing strict encapsulation and minimizing variable scope ensures that state changes are localized, predictable, and easier to audit, thereby reducing the attack surface and enhancing overall system resilience against state-based vulnerabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32841 | Edimax GS-5008PL <= 1.00.54 Global Authentication State Across All Clients — Edimax GS-5008PL | 8.1 | High | 2026-03-17 |
| CVE-2022-2642 | Horner Automation Remote Compact Controller 安全漏洞 — Remote Compact Controller (RCC) 972 | 7.5 | High | 2022-12-12 |
Vulnerabilities classified as CWE-1108 represent 2 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.