CWE-346 Origin Validation Error: summary of the 159 CVE vulnerabilities in this weakness class, with AI-generated Chinese analysis.
CWE-346 is the Origin Validation Error weakness: the product does not properly verify that the source of data or of a communication is valid. An attacker typically forges the origin of a request or tampers with the communication context so that the system processes malicious data, bypassing security controls or performing unauthorized operations. Developers should enforce strict origin validation, such as checking request headers, using digital signatures, or verifying the communication channel, to ensure that data really comes from a trusted and expected source.
```java
// Android: a broadcast receiver that deletes user data whenever a matching
// broadcast arrives, without verifying which application sent it.
IntentFilter filter = new IntentFilter("com.example.RemoveUser");
DeleteReceiver receiver = new DeleteReceiver();
registerReceiver(receiver, filter);

public class DeleteReceiver extends BroadcastReceiver {
    @Override
    public void onReceive(Context context, Intent intent) {
        // getIntExtra requires a default value; -1 is used when the extra is absent
        int userID = intent.getIntExtra("userID", -1);
        destroyUserData(userID);
    }
}
```

```java
// Android: a WebView client that hands user data to any page that navigates to
// the custom scheme, without checking the origin of the page that requested it.
@Override
public boolean shouldOverrideUrlLoading(WebView view, String url) {
    // startsWith avoids the StringIndexOutOfBoundsException that substring()
    // throws on short URLs; the comparison is otherwise the same
    String lower = url.toLowerCase(Locale.ROOT);
    if (lower.startsWith("examplescheme:")) {
        if (lower.startsWith("getuserinfo", 14)) {
            writeDataToView(view, UserData);
            return false;
        } else {
            return true;
        }
    }
    return false; // not our scheme: let the WebView load the URL normally
}
```

```objectivec
// iOS: the same pattern in a UIWebView delegate; any page that loads a URL
// with the custom scheme can trigger the privileged function.
- (BOOL)webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType {
    NSURL *URL = [exRequest URL];
    if ([[URL scheme] isEqualToString:@"exampleScheme"]) {
        NSString *functionString = [URL resourceSpecifier];
        if ([functionString hasPrefix:@"specialFunction"]) {
            // Make data available back in webview.
            UIWebView *webView = [self writeDataToView:[URL query]];
        }
        return NO;
    }
    return YES;
}
```

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6508 | TUBITAK BILGEM Liderahenk remote code execution vulnerability — Liderahenk | 9.8 | Critical | 2026-05-07 |
| CVE-2026-43870 | Apache Thrift Node.js web_server.js multiple vulnerabilities — Apache Thrift | 7.5 (AI) | High (AI) | 2026-05-05 |
| CVE-2026-7439 | AgentFlow access control error vulnerability — AgentFlow | 4.4 | Medium | 2026-04-29 |
| CVE-2026-41398 | OpenClaw access control error vulnerability — OpenClaw | 4.6 | Medium | 2026-04-28 |
| CVE-2026-41393 | OpenClaw access control error vulnerability — OpenClaw | 4.8 | Medium | 2026-04-28 |
| CVE-2026-41376 | OpenClaw access control error vulnerability — OpenClaw | 5.4 | Medium | 2026-04-28 |
| CVE-2026-41358 | OpenClaw access control error vulnerability — OpenClaw | 5.4 | Medium | 2026-04-23 |
| CVE-2026-41342 | OpenClaw access control error vulnerability — OpenClaw | 7.3 | High | 2026-04-23 |
| CVE-2026-41057 | WWBN AVideo access control error vulnerability — AVideo | 7.1 | High | 2026-04-21 |
| CVE-2026-40594 | pyLoad security vulnerability — pyload | 4.8 | Medium | 2026-04-21 |
| CVE-2026-35577 | Apollo MCP Server access control error vulnerability — apollo-mcp-server | 6.8 | Medium | 2026-04-09 |
| CVE-2026-34720 | Zammad access control error vulnerability — zammad | 7.1 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-35568 | MCP Java SDK access control error vulnerability — java-sdk | 6.3 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-35408 | Directus security vulnerability — directus | 8.7 | High | 2026-04-06 |
| CVE-2026-37977 | Keycloak access control error vulnerability — Red Hat Build of Keycloak | 3.7 | Low | 2026-04-06 |
| CVE-2026-34777 | Electron access control error vulnerability — electron | 5.4 | Medium | 2026-04-03 |
| CVE-2026-34083 | Signal K Server security vulnerability — signalk-server | 6.1 | Medium | 2026-04-02 |
| CVE-2026-34359 | HAPI FHIR security vulnerability — org.hl7.fhir.core | 7.4 | High | 2026-03-31 |
| CVE-2026-34373 | Parse Server access control error vulnerability — parse-server | 8.2 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-21790 | HCL Traveler security vulnerability — Traveler | 6.3 | Medium | 2026-03-24 |
| CVE-2026-32317 | Cryptomator security vulnerability — android | 7.6 | High | 2026-03-20 |
| CVE-2026-32318 | Cryptomator security vulnerability — ios | 7.6 | High | 2026-03-20 |
| CVE-2026-32303 | Cryptomator security vulnerability — cryptomator | 7.6 | High | 2026-03-20 |
| CVE-2026-32634 | glances security vulnerability — glances | 8.1 | High | 2026-03-18 |
| CVE-2026-32632 | glances security vulnerability — glances | 5.9 | Medium | 2026-03-18 |
| CVE-2026-2457 | Mattermost security vulnerability — Mattermost | 4.3 | Medium | 2026-03-16 |
| CVE-2026-32302 | OpenClaw access control error vulnerability — openclaw | 8.1 | High | 2026-03-12 |
| CVE-2026-30964 | Webauthn Framework access control error vulnerability — webauthn-framework | 5.4 | Medium | 2026-03-10 |
| CVE-2026-25604 | Apache Airflow security vulnerability — Apache Airflow Providers Amazon | 9.8 (AI) | Critical (AI) | 2026-03-09 |
| CVE-2026-28403 | Textream access control error vulnerability — textream | 7.6 | High | 2026-03-02 |
CWE-346 (Origin Validation Error) is a common weakness category; this platform has collected 159 CVE vulnerabilities associated with it.