
CWE-807 (Reliance on Untrusted Inputs in a Security Decision) — Vulnerability Class 58

58 vulnerabilities classified as CWE-807 (Reliance on Untrusted Inputs in a Security Decision). AI-generated Chinese analysis included.

CWE-807 represents a critical security weakness where a system’s protective mechanisms depend on untrusted inputs that attackers can manipulate to bypass defenses. This flaw typically arises when developers erroneously assume that client-side data, such as cookies, environment variables, or hidden form fields, remain immutable and trustworthy. Attackers exploit this vulnerability by modifying these inputs using customized clients or other interception techniques, effectively tricking the application into granting unauthorized access or executing privileged actions. To mitigate this risk, developers must never rely on client-side validation for security decisions. Instead, they should enforce strict server-side validation, implement robust authentication and authorization checks independent of user-supplied data, and treat all external inputs as potentially hostile. By decoupling security logic from untrusted sources, organizations can prevent attackers from circumventing protective measures through simple input tampering.

MITRE CWE Description
The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. Developers may assume that inputs such as cookies, environment variables, and hidden form fields cannot be modified. However, an attacker could change these inputs using customized clients or other attacks. This change might not be detected. When security decisions such as authentication and authorization are made based on the values of these inputs, attackers can bypass the security of the software. Without sufficient encryption, integrity checking, or other mechanism, any input that originates from an outsider cannot be trusted.
Common Consequences (1)
Scope: Confidentiality, Access Control, Availability, Other
Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity, Varies by Context
Attackers can bypass the security decision to access whatever is being protected. The consequences will depend on the associated functionality, but they can range from granting additional privileges to untrusted users to bypassing important security checks. Ultimately, this weakness may lead to expo…
Mitigations (5)
Phase: Architecture and Design. Store state information and sensitive data on the server side only. Ensure that the system definitively and unambiguously keeps track of its own state and user state and has rules defined for legitimate state transitions. Do not allow any application user to affect state directly in any way other than through legitimate actions leading to state transitions. If information must be stored on the cli…
Phase: Architecture and Design. Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. With a stateless protocol such as HTTP, use a framework that maintains the state for you. Examples include ASP.NET View State [REF-756] and the OWASP ESAPI Session Management feature [REF-45]. Be careful of language features that provide state support, since …
Phase: Architecture and Design. For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Phase: Operation, Implementation. When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues.
Phase: Architecture and Design, Implementation. Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly throug…
Examples (2)
The following code excerpt reads a value from a browser cookie to determine the role of the user.
    Cookie[] cookies = request.getCookies();
    String userRole = null;  // the role is copied verbatim from a client-controlled cookie
    for (int i = 0; i < cookies.length; i++) {
        Cookie c = cookies[i];
        if (c.getName().equals("role")) {
            userRole = c.getValue();
        }
    }
Bad · Java
The following code could be for a medical records application. It performs authentication by checking if a cookie has been set.
    // the superglobal is $_COOKIE; the original excerpt misspelled it as $_COOKIES
    $auth = $_COOKIE['authenticated'];  // a client-controlled cookie decides whether the user is authenticated
    if (!$auth) {
        if (AuthenticateUser($_POST['user'], $_POST['password']) == "success") {
            // save the cookie to send out in future responses
            setcookie("authenticated", "1", time() + 60 * 60 * 2);
        } else {
            ShowLoginScreen();
            die("\n");
        }
    }
    DisplayMedicalHistory($_POST['patient_ID']);
Bad · PHP
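Added example, not MITRE's code: the cookie-trusting pattern from the two excerpts above beside a hardened version in Python, where the cookie carries only an opaque, HMAC-checked session handle and the role is looked up in server-side state (the "store state on the server side" mitigation). SESSIONS, SERVER_KEY and the function names are constructed for this example.

```python
import hashlib
import hmac
import secrets

# Constructed server-side session store: opaque session id -> user record.
SESSIONS = {}
# Constructed demo key; a real deployment loads this from a secret store.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def parse_cookie_header(header):
    """Parse a raw Cookie: header value into a dict (last duplicate wins)."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def role_from_cookie_insecure(cookie_header):
    """CWE-807 pattern: the role is whatever the client put in the cookie."""
    return parse_cookie_header(cookie_header).get("role", "guest")


def create_session(username, role):
    """Mint an opaque session id; the role never leaves the server."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "role": role}
    # Integrity tag lets the server reject tampered handles before any lookup.
    tag = hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()
    return f"{sid}.{tag}"


def role_from_cookie_secure(cookie_header):
    """Derive the role from server-side state, not from any client-supplied value."""
    token = parse_cookie_header(cookie_header).get("session", "")
    sid, _, tag = token.partition(".")
    if not sid:
        return "guest"
    expected = hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return "guest"  # forged or altered handle: treat as unauthenticated
    record = SESSIONS.get(sid)
    return record["role"] if record else "guest"
```

A stray `role=admin` cookie still reaches the secure handler but has no effect, because the only thing it consults is the server's own record for the session.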
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-6213 | Remote Spark SparkView RCE | SparkView | 8.4 (AI) | High (AI) | 2026-05-08
CVE-2026-39807 | Client-supplied URI scheme trusted without transport verification in bandit | bandit | 7.5 | - | 2026-05-01
CVE-2026-41403 | OpenClaw < 2026.3.31 - Access Control Bypass via Proxied Remote Request Misclassification | OpenClaw | 2.9 | Low | 2026-04-28
CVE-2026-41390 | OpenClaw < 2026.3.28 - Exec Allowlist Bypass via Unregistered /usr/bin/script Wrapper | OpenClaw | 7.3 | High | 2026-04-28
CVE-2026-41380 | OpenClaw < 2026.3.28 - Arbitrary Execution Allowlist via Wrapper Carrier Executables | OpenClaw | 7.3 | High | 2026-04-28
CVE-2026-1789 | Security vulnerability in multiple Canon products | imagePRESS Series | 4.9 | Medium | 2026-04-23
CVE-2026-41299 | OpenClaw < 2026.3.28 - Client Identity Spoofing in chat.send Gateway Provenance Guard | OpenClaw | 7.1 | High | 2026-04-20
CVE-2026-0390 | UEFI Secure Boot Security Feature Bypass Vulnerability | Windows 10 Version 1607 | 6.7 | Medium | 2026-04-14
CVE-2019-25711 | SpotFTP Password Recover 2.4.2 Denial of Service via Name Field | SpotFTP Password Recover | 6.2 | Medium | 2026-04-12
CVE-2026-35670 | OpenClaw < 2026.3.22 - Webhook Reply Rebinding via Username Resolution in Synology Chat | OpenClaw | 5.9 | Medium | 2026-04-10
CVE-2026-35655 | OpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution | OpenClaw | 5.7 | Medium | 2026-04-10
CVE-2026-35624 | OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk | OpenClaw | 4.2 | Medium | 2026-04-09
CVE-2026-35617 | OpenClaw < 2026.3.25 - Authorization Bypass via Group Policy Rebinding with Mutable Space displayName | OpenClaw | 4.2 | Medium | 2026-04-09
CVE-2025-13926 | Contemporary Controls BASC 20T Reliance on Untrusted Inputs in a Security Decision | BASControl20 | 9.8 | Critical | 2026-04-09
CVE-2026-29134 | GINA Domain Switch | Secure Email Gateway | 5.3 (AI) | Medium (AI) | 2026-04-02
CVE-2026-32975 | OpenClaw < 2026.3.12 - Weak Authorization via Mutable Group Names in Zalouser Allowlist | OpenClaw | 9.8 | Critical | 2026-03-29
CVE-2019-25621 | Pixel Studio 2.17 Denial of Service via Malformed Input | Pixel Studio | 6.2 | Medium | 2026-03-23
CVE-2019-25594 | ASPRunner.NET 10.1 Denial of Service via Table Name Field | ASPRunner.NET | 6.2 | Medium | 2026-03-22
CVE-2019-25544 | Pidgin 2.13.0 Denial of Service via Malformed Username | Pidgin | 6.2 | Medium | 2026-03-21
CVE-2026-32898 | OpenClaw < 2026.2.23 - ACP Permission Auto-Approval Bypass via Untrusted Tool Metadata | OpenClaw | 5.4 | Medium | 2026-03-21
CVE-2026-32057 | OpenClaw < 2026.2.25 - Authentication Bypass via Control UI client.id Parameter | OpenClaw | 7.1 | High | 2026-03-21
CVE-2026-29794 | Vikunja has Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers | vikunja | 5.3 | Medium | 2026-03-20
CVE-2026-33068 | Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File | claude-code | 8.8 | - | 2026-03-20
CVE-2026-21514 | Microsoft Word Security Feature Bypass Vulnerability | Microsoft 365 Apps for Enterprise | 7.8 | High | 2026-02-10
CVE-2026-25958 | Cube privilege escalation via a specially crafted request | cube | 7.7 | High | 2026-02-09
CVE-2026-21509 | Microsoft Office Security Feature Bypass Vulnerability | Microsoft 365 Apps for Enterprise | 7.8 | High | 2026-01-26
CVE-2026-23848 | MyTube has Rate Limiting Bypass via X-Forwarded-For Header Spoofing | MyTube | 6.5 | Medium | 2026-01-19
CVE-2026-20849 | Windows Kerberos Elevation of Privilege Vulnerability | Windows 10 Version 1607 | 7.5 | High | 2026-01-13
CVE-2025-12487 | oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability | text-generation-webui | 9.8 | - | 2025-11-06
CVE-2025-12488 | oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability | text-generation-webui | 9.8 | - | 2025-11-06

Vulnerabilities classified as CWE-807 (Reliance on Untrusted Inputs in a Security Decision) represent 58 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.