ClassDraft
CWE-116Improper Encoding or Escaping of Output
Category: other
Description
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
Common consequences· 3
- Integrity — Modify Application DataThe communications between components can be modified in unexpected ways. Unexpected commands can be executed, bypassing other security mechanisms. Incoming data can be misinterpreted.
- Integrity / Confidentiality / Availability / Access Control — Execute Unauthorized Code or CommandsThe communications between components can be modified in unexpected ways. Unexpected commands can be executed, bypassing other security mechanisms. Incoming data can be misinterpreted.
- Confidentiality — Bypass Protection MechanismThe communications between components can be modified in unexpected ways. Unexpected commands can be executed, bypassing other security mechanisms. Incoming data can be misinterpreted.
Potential mitigations· 5
- [Architecture and Design]
- [Architecture and Design]
- [Architecture and Design, Implementation]Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.
- [Architecture and Design]In some cases, input validation may be an important strategy when output encoding is not a complete solution. For example, you may be providing the same output that will be processed by multiple consumers that use different encodings or representations. In other cases, you may be required to allow user-supplied input to contain control information, such as limited HTML tags that support formatting in a wiki or bulletin board. When this type of requirement must be met, use an extremely strict allowlist to limit which control sequences can be used. Verify that the resulting syntactic structure is what you expect. Use your normal encoding methods for the remainder of the input.
- [Architecture and Design]Use input validation as a defense-in-depth measure to reduce the likelihood of output encoding errors (see CWE-20).
Related CAPEC attack patterns· 4
References
Exploits (incoming)4
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | AJAX Footprintingcapec-85 | 100% | live |
| AttackPattern | User-Controlled Filenamecapec-73 | 100% | live |
| AttackPattern | Web Server Logs Tamperingcapec-81 | 100% | live |
| AttackPattern | Cross Zone Scriptingcapec-104 | 100% | live |
(incoming)33
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-11713cve-2025-11713 | 0% | live |
| Vulnerability | CVE-2025-31651cve-2025-31651 | 0% | live |
| Vulnerability | CVE-2025-32974cve-2025-32974 | 0% | live |
| Vulnerability | CVE-2025-40547cve-2025-40547 | 0% | live |
| Vulnerability | CVE-2025-46347cve-2025-46347 | 0% | live |
| Vulnerability | CVE-2025-49013cve-2025-49013 | 0% | live |
| Vulnerability | CVE-2025-55729cve-2025-55729 | 0% | live |
| Vulnerability | CVE-2025-55730cve-2025-55730 | 0% | live |
| Vulnerability | CVE-2025-55903cve-2025-55903 | 0% | live |
| Vulnerability | CVE-2025-56266cve-2025-56266 | 0% | live |
| Vulnerability | CVE-2025-59158cve-2025-59158 | 0% | live |
| Vulnerability | CVE-2025-59936cve-2025-59936 | 0% | live |
| Vulnerability | CVE-2025-61773cve-2025-61773 | 0% | live |
| Vulnerability | CVE-2025-64325cve-2025-64325 | 0% | live |
| Vulnerability | CVE-2026-22792cve-2026-22792 | 0% | live |
| Vulnerability | CVE-2026-24737cve-2026-24737 | 0% | live |
| Vulnerability | CVE-2026-25755cve-2026-25755 | 0% | live |
| Vulnerability | CVE-2026-25940cve-2026-25940 | 0% | live |
| Vulnerability | CVE-2026-27169cve-2026-27169 | 0% | live |
| Vulnerability | CVE-2026-27812cve-2026-27812 | 0% | live |
| Vulnerability | CVE-2026-28907cve-2026-28907 | 0% | live |
| Vulnerability | CVE-2026-32754cve-2026-32754 | 0% | live |
| Vulnerability | CVE-2026-33301cve-2026-33301 | 0% | live |
| Vulnerability | CVE-2026-33941cve-2026-33941 | 0% | live |
| Vulnerability | CVE-2026-35569cve-2026-35569 | 0% | live |
| Vulnerability | CVE-2026-35582cve-2026-35582 | 0% | live |
| Vulnerability | CVE-2026-40568cve-2026-40568 | 0% | live |
| Vulnerability | CVE-2026-42810cve-2026-42810 | 0% | live |
| Vulnerability | CVE-2026-43938cve-2026-43938 | 0% | live |
| Vulnerability | CVE-2026-45375cve-2026-45375 | 0% | live |
Showing top 30 of 33 by confidence. Click any target to see the full neighbourhood.
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.