Cyber Resilience

CWE · MITRE source

CWE-835Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · CVEs in our corpus: 844

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: partial · 3 mapping(s) from 1 framework(s): ATT&CK 3 (partial)

See the full cumulative-coverage rollup →

NIST 800-53 r5 controls that address this weakness (2)AI

Control Title Family Why it addresses this CWE
CP-7Alternate Processing SiteCPEnables transfer to alternate site if an infinite loop at the primary renders processing unavailable.
SC-5Denial-of-service ProtectionSCDetects and mitigates infinite loops that produce sustained resource consumption.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2024-20353 KEV10.08.60.63272024-04-24
CVE-2017-169448.07.50.63322017-11-25
CVE-2019-142418.07.50.70242019-07-23
CVE-2020-70468.07.50.51262020-02-12
CVE-2020-139358.07.50.87552020-07-14
CVE-2020-362278.07.50.77742021-01-26
CVE-2021-40448.07.50.50102021-12-14
CVE-2022-07788.07.50.70562022-03-15
CVE-2023-349668.07.50.62012023-07-20
CVE-2017-129907.09.80.02552017-09-14
CVE-2017-129957.09.80.02412017-09-14
CVE-2017-129977.09.80.02462017-09-14
CVE-2018-207847.09.80.04172019-02-22
CVE-2019-193077.09.80.41352019-11-26
CVE-2021-421437.09.10.00812024-01-24
CVE-2026-314487.09.40.00432026-04-22
CVE-2004-07486.00.00.22312004-10-20
CVE-2005-22246.00.00.17832005-07-12
CVE-2011-10026.00.00.29362011-02-22
CVE-2016-49706.07.50.11262017-04-13
CVE-2017-88716.06.50.13002017-06-12
CVE-2017-159086.07.50.23632017-10-26
CVE-2018-57116.05.50.13202018-01-16
CVE-2017-126266.07.50.10252018-01-29
CVE-2018-10416.07.50.15812018-02-15