Cyber Resilience

CWE · MITRE source

CWE-366Race Condition within a Thread

Abstraction: Base · CVEs in our corpus: 18

If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 6 mapping(s) from 3 framework(s): ASVS 5.0 3 (mostly) · CAPEC 2 (partial) · ATT&CK 1 (partial)

See the full cumulative-coverage rollup →

NIST 800-53 r5 controls that address this weakness (0)AI

Control Title Family Why it addresses this CWE
No NIST controls proposed yet.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2021-265697.09.80.02182021-03-12
CVE-2025-581437.09.80.00342025-09-11
CVE-2022-17295.57.00.00312022-09-01
CVE-2023-65465.57.00.00772023-12-21
CVE-2024-67785.57.50.00782024-07-16
CVE-2024-106305.57.80.00222025-01-14
CVE-2026-23666 UPD5.57.50.01332026-04-14
CVE-2026-46181 UPD5.57.80.00112026-05-28
CVE-2020-16293.55.90.00672020-04-08
CVE-2015-100673.54.60.00542023-01-18
CVE-2023-32183.54.40.00472023-06-13
CVE-2023-41273.55.90.00402023-08-03
CVE-2023-47323.54.70.00182023-10-03
CVE-2026-228193.55.90.00212026-01-14
CVE-2026-236843.55.90.00162026-02-10
CVE-2026-39043.56.20.00152026-03-11
CVE-2024-20321.53.10.00292024-06-06