diff --git a/ddtrace/appsec/_iast/processor.py b/ddtrace/appsec/_iast/processor.py
index ee2c284adbc..8deee2a1846 100644
--- a/ddtrace/appsec/_iast/processor.py
+++ b/ddtrace/appsec/_iast/processor.py
@@ -48,12 +48,13 @@ def on_span_start(self, span):
         if not _is_iast_enabled():
             return
 
+        from ._taint_tracking import create_context
+
+        create_context()
+
         request_iast_enabled = False
         if oce.acquire_request(span):
-            from ._taint_tracking import create_context
-
             request_iast_enabled = True
-            create_context()
 
         core.set_item(IAST.REQUEST_IAST_ENABLED, request_iast_enabled, span=span)
 
diff --git a/releasenotes/notes/iast-fix-context-creation-2d0dee033723514c.yaml b/releasenotes/notes/iast-fix-context-creation-2d0dee033723514c.yaml
new file mode 100644
index 00000000000..9e798d7cf71
--- /dev/null
+++ b/releasenotes/notes/iast-fix-context-creation-2d0dee033723514c.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    Vulnerability Management for Code-level (IAST): This fix addresses an issue where tainting objects may fail due to context not being created in the current span.