CWE-1280 – Access Control Check Implemented After Asset is Accessed | Common Weakness Enumeration (CWE)

Overview

CWE-1280 (Access Control Check Implemented After Asset is Accessed) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact: Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

A product's hardware-based access control check occurs after the asset has been accessed.

Applicable platforms

Kind	Name	Class	Prevalence	OS / CPE
language	Verilog	—	Undetermined	—
language	VHDL	—	Undetermined	—
language	—	Not Language-Specific	Undetermined	—
operating_system	—	Not OS-Specific	Undetermined	—
architecture	—	Not Architecture-Specific	Undetermined	—
technology	—	Not Technology-Specific	Undetermined	—

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE	Published	Summary
CVE-2026-3607	2026-05-14	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with develop…

Content submission

Name: Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi
Organization: Intel Corporation
Date: 2020-02-12
Version: 4.1

Content modifications

Date	Name	Version	Importance	Comment
2020-08-20	CWE Content Team	4.2	—	updated Applicable_Platforms, Demonstrative_Examples, Description, Related_Attack_Patterns
2022-10-13	CWE Content Team	4.9	—	updated Demonstrative_Examples
2023-04-27	CWE Content Team	4.11	—	updated Relationships
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes
2023-10-26	CWE Content Team	4.13	—	updated Demonstrative_Examples
2025-12-11	CWE Content Team	4.19	—	updated Weakness_Ordinalities