
CWE-346 Origin Validation Error Vulnerability List (188)

Summary of 188 CVE vulnerabilities in the CWE-346 Origin Validation Error weakness class, with AI-generated Chinese analysis.

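CWE-346 is the origin validation error weakness: the product does not properly verify that the source of data or communication is valid. Attackers typically forge the request origin or tamper with the communication context to induce the system to process malicious data, thereby bypassing security controls or performing unauthorized actions. Developers should implement strict origin validation, such as checking request headers, using digital signatures, or verifying the communication channel, to ensure that data really comes from a trusted and expected source and to eliminate this class of risk.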

MITRE CWE official description
CWE: CWE-346 Origin Validation Error. English: The product does not properly verify that the source of data or communication is valid.
Common consequences (1)
Scope: Access Control, Other. Impact: Gain Privileges or Assume Identity, Varies by Context
An attacker can access any functionality that is inadvertently accessible to the source.
Code examples (2)
This Android application will remove a user account when it receives an intent to do so:
    IntentFilter filter = new IntentFilter("com.example.RemoveUser");
    DeleteReceiver receiver = new DeleteReceiver();
    registerReceiver(receiver, filter);

    public class DeleteReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context context, Intent intent) {
            // The sender of the intent is never checked before acting on it.
            // getIntExtra requires a default value; -1 here is an assumption.
            int userID = intent.getIntExtra("userID", -1);
            destroyUserData(userID);
        }
    }
Bad · Java
These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:
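    // Android
    @Override
    public boolean shouldOverrideUrlLoading(WebView view, String url) {
        if (url.substring(0, 14).equalsIgnoreCase("examplescheme:")) {
            if (url.substring(14, 25).equalsIgnoreCase("getUserInfo")) {
                // The page that issued this URL is never checked before
                // user data is written into the view.
                writeDataToView(view, UserData);
                return false;
            } else {
                return true;
            }
        }
        // Added so the method compiles: any other URL is loaded by the WebView as usual.
        return false;
    }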
Bad · Java
    // iOS
    -(BOOL) webView:(UIWebView *)exWebView
        shouldStartLoadWithRequest:(NSURLRequest *)exRequest
        navigationType:(UIWebViewNavigationType)exNavigationType
    {
        NSURL *URL = [exRequest URL];
        if ([[URL scheme] isEqualToString:@"exampleScheme"]) {
            NSString *functionString = [URL resourceSpecifier];
            if ([functionString hasPrefix:@"specialFunction"]) {
                // Make data available back in webview.
                UIWebView *webView = [self writeDataToView:[URL query]];
            }
            return NO;
        }
        return YES;
    }
Bad · Objective-C
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6734 | Node.js undici Input Validation Error Vulnerability — undici | 7.5 | High | 2026-06-17 |
| CVE-2026-47825 | Spring Cloud Gateway Input Validation Error Vulnerability — Spring Cloud Gateway | 8.6 | High | 2026-06-15 |
| CVE-2026-9595 | webpack-dev-server Input Validation Error Vulnerability — webpack-dev-server | 5.3 | Medium | 2026-06-15 |
| CVE-2026-11624 | Google MCP Toolbox for Databases Input Validation Error Vulnerability — MCP Toolbox for Databases | - | - | 2026-06-13 |
| CVE-2026-45173 | CyberArk Idira Identity Browser Extension Access Control Error Vulnerability — Identity Browser Extensions | - | - | 2026-06-11 |
| CVE-2026-41700 | VMware Spring for GraphQL Access Control Error Vulnerability — Spring for GraphQL | 8.1 | High | 2026-06-11 |
| CVE-2026-10846 | NLnet Labs ldns Access Control Error Vulnerability — ldns | - | - | 2026-06-10 |
| CVE-2026-44755 | SAP Business Objects Business Intelligence Platform Access Control Error Vulnerability — SAP Business Objects Business Intelligence Platform | 4.3 | Medium | 2026-06-09 |
| CVE-2026-43972 | Gun Access Control Error Vulnerability — gun | - | - | 2026-06-08 |
| CVE-2026-6657 | Jupyter Server Security Vulnerability — jupyter/jupyter | - | - | 2026-06-03 |
| CVE-2026-47265 | aiohttp Access Control Error Vulnerability — aiohttp | - | - | 2026-06-02 |
| CVE-2026-45021 | Kuma Security Vulnerability — kuma | - | - | 2026-05-28 |
| CVE-2025-66593 | Synology Assistant Access Control Error Vulnerability — Synology Assistant | 6.1 | Medium | 2026-05-27 |
| CVE-2025-66592 | Synology Active Backup for Business Agent Access Control Error Vulnerability — Synology Active Backup for Business Agent | 6.1 | Medium | 2026-05-27 |
| CVE-2025-13593 | Synology ActiveProtect Agent Access Control Error Vulnerability — ActiveProtect Agent | 6.1 | Medium | 2026-05-27 |
| CVE-2026-44985 | Dozzle Access Control Error Vulnerability — dozzle | - | - | 2026-05-26 |
| CVE-2026-42901 | Microsoft Entra ID Access Control Error Vulnerability — Microsoft Entra | 10.0 | Critical | 2026-05-22 |
| CVE-2026-45207 | Trend Micro Apex One and TrendAI Vision One Endpoint Security - Standard Endpoint Protection Access Control Error Vulnerability — TrendAI Apex One | 7.8 | High | 2026-05-21 |
| CVE-2026-45206 | Trend Micro TrendAI Vision One Endpoint Security - Standard Endpoint Protection Access Control Error Vulnerability — TrendAI Apex One | 7.8 | High | 2026-05-21 |
| CVE-2026-34930 | Trend Micro Apex One and TrendAI Vision One Endpoint Security - Standard Endpoint Protection Access Control Error Vulnerability — TrendAI Apex One | 7.8 | High | 2026-05-21 |
| CVE-2026-34929 | Trend Micro Apex One and TrendAI Vision One Endpoint Security - Standard Endpoint Protection Access Control Error Vulnerability — TrendAI Apex One | 7.8 | High | 2026-05-21 |
| CVE-2026-34928 | Trend Micro Apex One and TrendAI Vision One Endpoint Security - Standard Endpoint Protection Access Control Error Vulnerability — TrendAI Apex One | 7.8 | High | 2026-05-21 |
| CVE-2026-34927 | Trend Micro Apex One and TrendAI Vision One Endpoint Security - Standard Endpoint Protection Access Control Error Vulnerability — TrendAI Apex One | 7.8 | High | 2026-05-21 |
| CVE-2025-71213 | Trend Micro Apex One Access Control Error Vulnerability — TrendAI Apex One | 7.8 | High | 2026-05-21 |
| CVE-2026-2611 | MLflow Access Control Error Vulnerability — mlflow/mlflow | - | - | 2026-05-19 |
| CVE-2026-6339 | Mattermost Access Control Error Vulnerability — Mattermost | 4.3 | Medium | 2026-05-18 |
| CVE-2026-46728 | DENX Software Engineering Das U-Boot Access Control Error Vulnerability — U-Boot | 8.2 | High | 2026-05-16 |
| CVE-2026-42559 | RMCP Access Control Error Vulnerability — rust-sdk | 8.8 | High | 2026-05-14 |
| CVE-2026-44184 | Cleanuparr Access Control Error Vulnerability — Cleanuparr | 8.0 | High | 2026-05-12 |
| CVE-2026-6508 | Tubitak Ulakbim LiderAhenk Software Access Control Error Vulnerability — Liderahenk | 9.8 | Critical | 2026-05-07 |

CWE-346 (Origin Validation Error) is a common weakness category; this platform lists 188 CVE vulnerabilities associated with it.