Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-351 (不充分的类型区分) — Vulnerability Class 10

10 vulnerabilities classified as CWE-351 (不充分的类型区分). AI Chinese analysis included.

CWE-351, Insufficient Type Distinction, represents a logic flaw where software fails to adequately differentiate between distinct data types or object categories. This weakness typically arises when an application accepts user input without strict validation, allowing attackers to inject malicious payloads that exploit ambiguous type handling. For instance, an attacker might supply a string where an integer is expected, triggering unexpected behavior or bypassing security controls. Exploitation often leads to injection attacks, privilege escalation, or data corruption. To mitigate this risk, developers must enforce strict type checking and validation at every input boundary. Utilizing strongly typed languages, implementing robust schema validation, and avoiding dynamic type coercion are essential practices. By ensuring that data types are explicitly verified and handled correctly, developers can prevent attackers from manipulating the application’s logic through type confusion vulnerabilities.

MITRE CWE Description
The product does not properly distinguish between different types of elements in a way that leads to insecure behavior.
Common Consequences (1)
OtherOther
CVE IDTitleCVSSSeverityPublished
CVE-2026-41341 OpenClaw < 2026.3.31 - Component Interaction Misclassification in Discord Extension — OpenClaw 5.4 Medium2026-04-23
CVE-2025-65960 Contao is vulnerable to remote code execution in template closures — contao 6.6 Medium2025-11-25
CVE-2025-54413 skops' MethodNode can access unexpected object fields through dot notation, leading to arbitrary code execution at load time — skops 9.8 -2025-07-26
CVE-2025-54412 skops' Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution — skops 8.8 -2025-07-26
CVE-2025-47939 TYPO3 CMS Vulnerable to Unrestricted File Upload in File Abstraction Layer — typo3 5.4 Medium2025-05-20
CVE-2025-30510 Growatt Cloud portal Insufficient Type Distinction — Cloud portal 9.8 Critical2025-04-15
CVE-2025-32035 DNN does not check the contents of a file when uploading files — Dnn.Platform 2.6 Low2025-04-08
CVE-2024-45676 IBM Cognos Controller file upload — Cognos Controller 4.3 Medium2024-12-03
CVE-2023-2866 Advantech WebAccess Insufficient Type Distinction — WebAccess/SCADA 7.3 High2023-06-07
CVE-2020-10134 Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks — LE 6.3 Medium2020-05-19

Vulnerabilities classified as CWE-351 (不充分的类型区分) represent 10 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.