CWE-696 不正确的行为次序 类弱点 25 条 CVE 漏洞汇总,含 AI 中文分析。
CWE-696属于逻辑顺序错误漏洞,指软件执行多个相关行为时顺序颠倒,导致产生安全弱点。攻击者通常利用此缺陷,通过触发特定时序的交互,绕过安全检查或引发状态不一致,从而执行未授权操作或造成系统崩溃。开发者应避免此类问题,需严格审查业务逻辑流程,确保关键操作(如验证、授权)在敏感动作前正确执行,并通过单元测试验证时序逻辑的健壮性。
String path = getInputPath(); if (path.startsWith("/safe_dir/")) { File f = new File(path); return f.getCanonicalPath(); }String path = getInputPath(); File f = new File(path); if (f.getCanonicalPath().startsWith("/safe_dir/")) { return f.getCanonicalPath(); }function printFile($username,$filename){ //read file into string $file = file_get_contents($filename); if ($file && isOwnerOf($username,$filename)){ echo $file; return true; } else{ echo 'You are not authorized to view this file'; } return false; }| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2026-44600 | Tor <0.4.9.7 计数逻辑漏洞 — Tor | 3.7 | Low | 2026-05-07 |
| CVE-2026-43002 | OpenStack Horizon 25.6-25.7.2 未授权会话存储耗尽漏洞 — Horizon | 5.3 | Medium | 2026-05-05 |
| CVE-2026-41254 | Little CMS 安全漏洞 — little cms color engine | 4.0 | Medium | 2026-04-18 |
| CVE-2026-35652 | OpenClaw 安全漏洞 — OpenClaw | 6.5 | Medium | 2026-04-10 |
| CVE-2026-40223 | systemd 安全漏洞 — systemd | 4.7 | Medium | 2026-04-10 |
| CVE-2026-35640 | OpenClaw 安全漏洞 — OpenClaw | 5.3 | Medium | 2026-04-09 |
| CVE-2026-35637 | OpenClaw 安全漏洞 — OpenClaw | 7.3 | High | 2026-04-09 |
| CVE-2026-35636 | OpenClaw 安全漏洞 — OpenClaw | 6.5 | Medium | 2026-04-09 |
| CVE-2026-35627 | OpenClaw 安全漏洞 — OpenClaw | 6.5 | Medium | 2026-04-09 |
| CVE-2026-35386 | OpenSSH 安全漏洞 — OpenSSH | 3.6 | Low | 2026-04-02 |
| CVE-2026-33305 | OpenEMR 安全漏洞 — openemr | 5.4 | Medium | 2026-03-19 |
| CVE-2025-9904 | Canon多款产品 安全漏洞 — Generic Plus PCL6 Printer Driver | 5.3 | Medium | 2025-09-29 |
| CVE-2025-55114 | BMC Control-M 安全漏洞 — Control-M/Agent | 5.3 | Medium | 2025-09-16 |
| CVE-2025-48965 | Mbed TLS 安全漏洞 — mbedtls | 4.0 | Medium | 2025-07-20 |
| CVE-2021-47688 | WhiteBeam 安全漏洞 — WhiteBeam | 5.7 | Medium | 2025-06-23 |
| CVE-2025-31485 | API Platform Core 安全漏洞 — core | 7.5 | High | 2025-04-03 |
| CVE-2025-0150 | Zoom Workplace 安全漏洞 — Zoom Workplace Apps for iOS | 7.1 | High | 2025-03-11 |
| CVE-2023-52968 | MariaDB 安全漏洞 — MariaDB | 4.9 | Medium | 2025-03-08 |
| CVE-2024-35229 | ZKsync Era 安全漏洞 — era-compiler-solidity | 5.3 | Medium | 2024-05-27 |
| CVE-2024-30389 | Juniper Networks Junos OS 安全漏洞 — Junos OS | 5.8 | Medium | 2024-04-12 |
| CVE-2024-30410 | Juniper Networks Junos OS 安全漏洞 — Junos | 5.8 | Medium | 2024-04-12 |
| CVE-2023-23576 | Gallagher Command Centre 安全漏洞 — Command Centre Server | 4.3 | Medium | 2023-12-18 |
| CVE-2023-33224 | SolarWinds Platform 安全漏洞 — SolarWinds Platform | 7.2 | High | 2023-07-26 |
| CVE-2021-22569 | Google protobuf 安全漏洞 — protobuf-java | 7.5 | High | 2022-01-07 |
| CVE-2021-31379 | Juniper Networks Junos OS 安全漏洞 — Junos OS | 7.5 | High | 2021-10-19 |
CWE-696(不正确的行为次序) 是常见的弱点类别,本平台收录该类弱点关联的 25 条 CVE 漏洞。