Base · Incomplete

CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

Category: other

Description

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

Common consequences · 1

  • Integrity — Execute Unauthorized Code or Commands

Potential mitigations · 2

  • [Architecture and Design] Choose a template engine that offers a sandbox or restricted mode, or at least limits the power of any available expressions, function calls, or commands.
  • [Implementation] Use the template engine's sandbox or restricted mode, if available.
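The first mitigation (limiting the power of available expressions) can be seen with two templating mechanisms from the Python standard library. This is an added example, not part of the CWE entry: `str.format` and `string.Template` stand in for a powerful and a restricted engine, and the `Account` class, its field names and the token value are constructed for illustration.

```python
import string

class Account:
    """Constructed sample object; attribute names are hypothetical."""
    def __init__(self, name, api_token):
        self.name = name
        self.api_token = api_token

def render_weak(user_template, account):
    # Weak: externally supplied text is used as the template itself, and
    # str.format lets that text walk attributes and indexes of every
    # object handed to it, not only print the values the developer chose.
    return user_template.format(account=account)

ALLOWED_FIELDS = ("name",)  # the only values a template may reference

def render_restricted(user_template, account):
    # Restricted: string.Template substitutes $identifier placeholders from
    # a flat mapping and has no attribute, index or call syntax at all.
    # safe_substitute leaves unknown placeholders untouched instead of raising.
    values = {f: str(getattr(account, f)) for f in ALLOWED_FIELDS}
    return string.Template(user_template).safe_substitute(values)

def render_fixed(user_value, account):
    # Preferred when users do not need to author templates: the template is
    # fixed in code and external input is only a substituted value. The
    # substituted text is not scanned again for placeholders.
    fixed = string.Template("Hello $name, you searched for: $query")
    return fixed.substitute(name=account.name, query=user_value)

if __name__ == "__main__":
    acct = Account("alice", "tok-CONSTRUCTED")
    probe = "Hi $name {account.api_token}"  # constructed external input
    print("weak      :", render_weak("{account.api_token}", acct))
    print("restricted:", render_restricted(probe, acct))
    print("fixed     :", render_fixed(probe, acct))
```

The same split applies to full template engines: keep external input in the data passed to a fixed template, and where users must supply templates, render them in the engine's sandbox or restricted mode with an explicit list of exposed values.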

References

  1. https://cwe.mitre.org/data/definitions/1336.html

Compliance frameworks addressing this (incoming) · 1

Type | Target | Confidence | Tier
ComplianceControl | owasp_llm_top10-llm07 | 100% | live

(incoming) · 57

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-10380 | 0% | live
Vulnerability | CVE-2025-1040 | 0% | live
Vulnerability | CVE-2025-14700 | 0% | live
Vulnerability | CVE-2025-23211 | 0% | live
Vulnerability | CVE-2025-27516 | 0% | live
Vulnerability | CVE-2025-32461 | 0% | live
Vulnerability | CVE-2025-3841 | 0% | live
Vulnerability | CVE-2025-46661 | 0% | live
Vulnerability | CVE-2025-47916 | 0% | live
Vulnerability | CVE-2025-49619 | 0% | live
Vulnerability | CVE-2025-49828 | 0% | live
Vulnerability | CVE-2025-52122 | 0% | live
Vulnerability | CVE-2025-5325 | 0% | live
Vulnerability | CVE-2025-53833 | 0% | live
Vulnerability | CVE-2025-59340 | 0% | live
Vulnerability | CVE-2025-60355 | 0% | live
Vulnerability | CVE-2025-64087 | 0% | live
Vulnerability | CVE-2025-65602 | 0% | live
Vulnerability | CVE-2025-66294 | 0% | live
Vulnerability | CVE-2025-66297 | 0% | live
Vulnerability | CVE-2025-66299 | 0% | live
Vulnerability | CVE-2025-66434 | 0% | live
Vulnerability | CVE-2025-66437 | 0% | live
Vulnerability | CVE-2025-66438 | 0% | live
Vulnerability | CVE-2025-67843 | 0% | live
Vulnerability | CVE-2025-68454 | 0% | live
Vulnerability | CVE-2025-68929 | 0% | live
Vulnerability | CVE-2025-69516 | 0% | live
Vulnerability | CVE-2026-1868 | 0% | live
Vulnerability | CVE-2026-21448 | 0% | live

Showing top 30 of 57 by confidence.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
  • CWE: Improper Handling of Invalid Use of Special Elements
  • CWE: Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
  • CWE: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
  • CWE: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
  • CWE: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.