CWE-1288 — Vulnerability Class 15

15 vulnerabilities classified as CWE-1288.

CWE-1288 represents a critical input validation weakness where software fails to ensure logical consistency among multiple related data fields. Attackers typically exploit this by submitting malformed inputs where dependent elements contradict each other, such as specifying a count of items that does not match the actual number of provided entries. This inconsistency can trigger unexpected application behavior, leading to denial of service, data corruption, or privilege escalation if the system assumes valid data structures. To mitigate this risk, developers must implement rigorous validation logic that cross-references all interdependent fields before processing. By enforcing strict consistency checks and rejecting inputs that violate established relational constraints, engineers can prevent attackers from manipulating internal state or bypassing security controls through crafted, inconsistent data payloads.

MITRE CWE Description
The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent. Some input data can be structured with multiple elements or fields that must be consistent with each other, e.g. a number-of-items field that is followed by the expected number of elements. When such complex inputs are inconsistent, attackers could trigger unexpected errors, cause incorrect actions to take place, or exploit latent vulnerabilities.
Common Consequences (1)
Other: Varies by Context
Mitigations (1)
Implementation: Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Effectiveness: High
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-50976 | Innomic VibroLine Configurator and avibia Configurator allow unintended device reset via USB — VibroLine Configurator 5.0 | 7.7 | High | 2026-02-02 |
| CVE-2025-10929 | Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111 — Reverse Proxy Header | 9.1 (AI) | Critical (AI) | 2025-10-29 |
| CVE-2025-46722 | vLLM has a Weakness in MultiModalHasher Image Hashing Implementation — vllm | 4.2 | Medium | 2025-05-29 |
| CVE-2024-12093 | Improper Validation of Consistency within Input in GitLab — GitLab | 6.8 | Medium | 2025-05-22 |
| CVE-2025-2885 | Root metadata version not validated in tough — tough | 6.5 (AI) | Medium (AI) | 2025-03-27 |
| CVE-2024-8305 | MongoDB Server secondaries may crash due to forced index constraints — MongoDB Server | 6.5 | Medium | 2024-10-21 |
| CVE-2024-39515 | Junos OS and Junos OS Evolved: With BGP traceoptions enabled, receipt of specifically malformed BGP update causes RPD crash — Junos OS | 7.5 | High | 2024-10-09 |
| CVE-2024-5953 | 389-ds-base: malformed userpassword hash may cause denial of service | 5.7 | Medium | 2024-06-18 |
| CVE-2024-31140 | JetBrains TeamCity security vulnerability — TeamCity | 4.1 | Medium | 2024-03-28 |
| CVE-2024-31136 | JetBrains TeamCity security vulnerability — TeamCity | 7.4 | High | 2024-03-28 |
| CVE-2024-25951 | Dell iDRAC8 security vulnerability — Integrated Dell Remote Access Controller 8 | 8.0 | High | 2024-03-09 |
| CVE-2023-32701 | Vulnerability in Networking Stack Impacts QNX Software Development Platform (SDP) — QNX Software Development Platform (SDP) | 7.1 | High | 2023-11-14 |
| CVE-2023-1620 | WAGO: DoS in multiple products in multiple versions using Codesys — 750-8202/xxx-xxx | 4.9 | Medium | 2023-06-26 |
| CVE-2023-1619 | WAGO: DoS in multiple versions of multiple products — 750-8202/xxx-xxx | 4.9 | Medium | 2023-06-26 |
| CVE-2021-41531 | Invalid RPKI data could disable Route Origin Validation on RTR clients. — Routinator | 7.5 | - | 2021-09-21 |

Vulnerabilities classified as CWE-1288 represent 15 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.