VariantDraft
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
Category: other
Description
The product validates input before it is canonicalized, which prevents the product from detecting data that becomes invalid after the canonicalization step.
This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.
Common consequences· 1
- Access Control — Bypass Protection Mechanism
Potential mitigations· 1
- [Implementation]Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Related CAPEC attack patterns· 6
References
Exploits (incoming)6
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Using Leading 'Ghost' Character Sequences to Bypass Input Filterscapec-3 | 100% | live |
| AttackPattern | Using Unicode Encoding to Bypass Validation Logiccapec-71 | 100% | live |
| AttackPattern | Using Slashes in Alternate Encodingcapec-79 | 100% | live |
| AttackPattern | Using Escaped Slashes in Alternate Encodingcapec-78 | 100% | live |
| AttackPattern | Leverage Alternate Encodingcapec-267 | 100% | live |
| AttackPattern | Using UTF-8 Encoding to Bypass Validation Logiccapec-80 | 100% | live |
(incoming)3
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2026-24895cve-2026-24895 | 0% | live |
| Vulnerability | CVE-2026-27590cve-2026-27590 | 0% | live |
| Vulnerability | CVE-2026-34475cve-2026-34475 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.