CWE-733— Compiler Optimization Removal or Modification of Security-critical Code
The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified.— MITRE CWE catalog
9 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-733page 1 of 1
- CVE-2020-15294HIGHCVSS 7.8EG 7.82020-12-17
Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may…
- CVE-2024-58262LOWCVSS 2.9EG 2.92025-07-27
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.
- CVE-2025-13024CRITICALCVSS 9.8EG 9.82025-11-11
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
- CVE-2025-20241HIGHCVSS 7.4EG 7.42025-08-27
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, ad…
- CVE-2025-52496HIGHCVSS 7.8EG 7.82025-07-04
Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.
- CVE-2026-10702MEDIUMCVSS 4.3EG 4.32026-06-02
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3.
- CVE-2026-12299MEDIUMCVSS 5.4EG 5.42026-06-16
JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
- CVE-2026-4698CRITICALCVSS 9.8EG 9.82026-03-24
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
- CVE-2026-8389HIGHCVSS 8.8EG 7.32026-05-12
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.
Map vulnerabilities like CWE-733 to your infrastructure
EchelonGraph correlates every CVE — across CWE-733 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →