Base · Incomplete

CWE-1286: Improper Validation of Syntactic Correctness of Input

Category: other

Description

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

Common consequences · 1

  • Other — Varies by Context

Potential mitigations · 1

  • [Implementation]

Related CAPEC attack patterns · 2

CAPEC-66, CAPEC-676

References

  1. https://cwe.mitre.org/data/definitions/1286.html

Exploits (incoming) · 2

Type | Target | Confidence | Tier
AttackPattern | SQL Injection (capec-66) | 100% | live
AttackPattern | NoSQL Injection (capec-676) | 100% | live

(incoming) · 3

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-41719 (cve-2025-41719) | 0% | live
Vulnerability | CVE-2026-25513 (cve-2026-25513) | 0% | live
Vulnerability | CVE-2026-6442 (cve-2026-6442) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Handling of Syntactically Invalid Structure
  • CWE: Improper Validation of Specified Type of Input
  • CWE: Improper Input Validation
  • CWE: Improper Validation of Consistency within Input
  • CWE: Improper Handling of Unexpected Data Type
  • CWE: Failure to Handle Incomplete Element

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.