Home/CWE/Business Logic Errors
Weakness

Business Logic Errors

CWE-840 · Category

Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an application. Errors in business logic can be devastating to an entire application. They can be difficult to find automatically, since they typically involve legitimate use of the application's functionality.

However, many business logic errors can exhibit patterns that are similar to well-understood implementation and design weaknesses.

ATT&CK Techniques

3
Adversary techniques associated with this weakness, via MITRE CAPEC and authoritative CTID CVE mappings.
T1078Valid Accounts
T1098Account Manipulation
T1552Unsecured Credentials

CVEs With This Weakness

88
A sample of the 88 CVEs tagged with this weakness.
CVECVE-2026-8738
CVECVE-2026-5812
CVECVE-2026-5811
CVECVE-2026-4547
CVECVE-2026-41973
CVECVE-2026-41971
CVECVE-2026-41968
CVECVE-2026-41967
CVECVE-2026-41966
CVECVE-2026-41965
CVECVE-2026-41961
CVECVE-2026-28550
View all 88 CVEs with this weakness
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns TAXII feed Data sources
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh