CWE-627: Dynamic Variable Evaluation

low-risk

In a language where the user can influence the name of a variable at runtime, if the variable names are not controlled, an attacker can read or write to arbitrary variables, or access arbitrary functions.

Abstraction: Variant

Common Consequences

Confidentiality → Modify Application Data

Real-World Examples (5)

CVE	CVSS	EPSS	KEV
CVE-2024-8953	9.8	0.3%	—
CVE-2026-2415	5.9	0.0%	—
CVE-2026-2452	6.5	0.0%	—
CVE-2026-2451	6.5	0.0%	—
CVE-2023-31032	7.5	0.0%	—

/ 100

low-risk

Active Threat 0/50 · Minimal

Exploit Availability 0/50 · Minimal