CWE-1116 (Inaccurate Source Code Comments) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.
Description
The source code contains comments that do not accurately
describe or explain aspects of the portion of the code with which the comment is
associated.
Applicable platforms
Kind
Name
Class
Prevalence
OS / CPE
language
—
Not Language-Specific
Undetermined
—
Related CVEs in this database
These CVEs are mapped to this weakness in this database and kept for traceability and search.
The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted d…
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-t…
PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to correctly remove redacted information from a supplied PDF file, does not properly sanitize this information i…
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external …
Previous names
Inaccurate Comments(2025-12-11)
Content submission
Name
CWE Content Team
Organization
MITRE
Date
2018-07-02
Version
3.2
Comment
Entry derived from Common Quality Enumeration (CQE) Draft 0.9.