
CWE-693 (Protection Mechanism Failure) — Vulnerability Class 224

224 vulnerabilities classified as CWE-693 (Protection Mechanism Failure). AI-generated Chinese analysis included.

CWE-693 represents a critical vulnerability where software fails to implement or correctly utilize necessary security controls, leaving systems exposed to directed attacks. This weakness manifests in two primary forms: missing mechanisms, where no defense exists for a specific threat vector, and insufficient mechanisms, where existing safeguards are inadequate or improperly configured. Attackers typically exploit these gaps by bypassing authentication, escalating privileges, or accessing sensitive data that should have been restricted. To mitigate this risk, developers must conduct rigorous threat modeling to identify all potential attack surfaces and ensure comprehensive security controls are in place. Regular code reviews and automated security testing help verify that protection mechanisms function as intended. By adopting a defense-in-depth strategy and validating that every security feature is both present and robust, organizations can significantly reduce the likelihood of exploitation and maintain the integrity of their applications.

MITRE CWE Description
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.
Common Consequences (1)

| Scope | Impact |
| --- | --- |
| Access Control | Bypass Protection Mechanism |
| CVE ID | Title | Product | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26956 | vm2: WASM Sandbox Escape (Node 25 only) | vm2 | 9.8 | Critical | 2026-05-04 |
| CVE-2026-24120 | vm2: Sandbox Breakout Through Promise Species | vm2 | 9.8 | Critical | 2026-05-04 |
| CVE-2026-41316 | ERB has an @_init deserialization guard bypass via def_module / def_method / def_class | erb | 8.1 | High | 2026-04-24 |
| CVE-2026-41469 | Beghelli Sicuro24 SicuroWeb Missing Content Security Policy | SicuroWeb (Sicuro24) | 5.2 | Medium | 2026-04-22 |
| CVE-2026-40604 | ClearanceKit: opfilter system extension can be suspended or signalled by a root process, disabling file-access policy enforcement | clearancekit | 7.1 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-32225 | Windows Shell Security Feature Bypass Vulnerability | Windows 10 Version 1607 | 8.8 | High | 2026-04-14 |
| CVE-2026-32202 | Windows Shell Spoofing Vulnerability | Windows 10 Version 1607 | 4.3 | Medium | 2026-04-14 |
| CVE-2026-22692 | October CMS: Twig Sandbox Bypass via Collection Methods | october | 4.9 | Medium | 2026-04-14 |
| CVE-2026-39421 | MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect | MaxKB | 6.3 | Medium | 2026-04-14 |
| CVE-2026-39420 | MaxKB: Sandbox escape via LD_PRELOAD bypass | MaxKB | 6.3 | Medium | 2026-04-14 |
| CVE-2026-34208 | SandboxJS: Sandbox integrity escape | SandboxJS | 10.0 | Critical | 2026-04-06 |
| CVE-2026-34938 | PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code | PraisonAI | 10.0 | Critical | 2026-04-03 |
| CVE-2026-27893 | vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out | vllm | 8.8 | High | 2026-03-26 |
| CVE-2026-32947 | Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier) | harden-runner | 9.1 | - | 2026-03-20 |
| CVE-2026-32946 | Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier) | harden-runner | 8.6 | - | 2026-03-20 |
| CVE-2026-3965 | whyour qinglong API express.ts protection mechanism | qinglong | 6.3 | Medium | 2026-03-11 |
| CVE-2026-30938 | Parse Server has denylist `requestKeywordDenylist` keyword scan bypass through nested object placement | parse-server | 9.1 (AI) | Critical (AI) | 2026-03-10 |
| CVE-2025-58406 | Lack of HTTP Response Headers | CGM CLININET | 6.5 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-26994 | uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries | utls | 6.5 | Medium | 2026-02-20 |
| CVE-2026-21510 | Windows Shell Security Feature Bypass Vulnerability | Windows 10 Version 1607 | 8.8 | High | 2026-02-10 |
| CVE-2026-21513 | MSHTML Framework Security Feature Bypass Vulnerability | Windows 10 Version 1607 | 8.8 | High | 2026-02-10 |
| CVE-2026-25115 | n8n is vulnerable to Python sandbox escape | n8n | 9.9 (AI) | Critical (AI) | 2026-02-04 |
| CVE-2026-0620 | L2TP over IPSec Encryption Failure on ArcherAXE75 | AXE75 | 7.5 (AI) | High (AI) | 2026-02-03 |
| CVE-2026-1232 | Anti-Tamper Bypass in BeyondTrust Privilege Management for Windows | Privilege management for Windows | 6.7 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2025-40536 | SolarWinds Web Help Desk Security Control Bypass Vulnerability | Web Help Desk | 8.1 | High | 2026-01-28 |
| CVE-2025-55249 | HCL AION is affected by a Missing Security Response Headers vulnerability. | AION | 3.5 | Low | 2026-01-19 |
| CVE-2026-22686 | Sandbox Escape via Host Error Prototype Chain in enclave-vm | enclave | 10.0 | Critical | 2026-01-13 |
| CVE-2026-20824 | Windows Remote Assistance Security Feature Bypass Vulnerability | Windows 10 Version 1607 | 5.5 | Medium | 2026-01-13 |
| CVE-2025-69264 | pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default" | pnpm | 8.8 | High | 2026-01-07 |
| CVE-2025-15422 | EmpireSoft EmpireCMS IP Address connect.php egetip protection mechanism | EmpireCMS | 5.3 | Medium | 2026-01-02 |

Vulnerabilities classified as CWE-693 (Protection Mechanism Failure) total 224 CVEs. The CWE taxonomy describes the weakness class; review the individual CVEs for product-specific impact.