Home/CWE/Asymmetric Resource Consumption (Amplification)
Weakness

Asymmetric Resource Consumption (Amplification)

CWE-405 · Class · Incomplete

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric.".

Extended description

This can lead to poor performance due to "amplification" of resource consumption, typically in a non-linear fashion. This situation is worsened if the product allows malicious users or attackers to consume more resources than their access level permits.

Weakness Relationships

Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOfCWE-400 · Uncontrolled Resource Consumption
Children (more specific)
ParentOfCWE-1050 · Excessive Platform Resource Consumption within a Loop
ParentOfCWE-1072 · Data Resource Access without Use of Connection Pooling
ParentOfCWE-1073 · Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses
ParentOfCWE-1084 · Invokable Control Element with Excessive File or Data Access Operations
ParentOfCWE-1089 · Large Data Table with Excessive Number of Indices
ParentOfCWE-1094 · Excessive Index Range Scan for a Data Resource
ParentOfCWE-1176 · Inefficient CPU Computation
ParentOfCWE-406 · Insufficient Control of Network Message Volume (Network Amplification)
ParentOfCWE-407 · Inefficient Algorithmic Complexity
ParentOfCWE-408 · Incorrect Behavior Order: Early Amplification
ParentOfCWE-409 · Improper Handling of Highly Compressed Data (Data Amplification)
ParentOfCWE-776 · Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVEs With This Weakness

41
A sample of the 41 CVEs tagged with this weakness.
CVECVE-2026-44296
CVECVE-2026-35665
CVECVE-2026-35626
CVECVE-2026-25611
CVECVE-2026-24324
CVECVE-2026-22775
CVECVE-2026-22774
CVECVE-2026-0485
CVECVE-2025-8677
CVECVE-2025-68480
CVECVE-2025-66564
CVECVE-2025-66506
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin