Base · Draft

CWE-183: Permissive List of Allowed Inputs

Category: other

Description

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.

Common consequences · 1

  • Access Control — Bypass Protection Mechanism

Related CAPEC attack patterns · 4

CAPEC-120, CAPEC-3, CAPEC-43, CAPEC-71

References

  1. https://cwe.mitre.org/data/definitions/183.html

Exploits (incoming) · 4

Type | Target | Confidence | Tier
AttackPattern | Using Unicode Encoding to Bypass Validation Logic (capec-71) | 100% | live
AttackPattern | Exploiting Multiple Input Interpretation Layers (capec-43) | 100% | live
AttackPattern | Using Leading 'Ghost' Character Sequences to Bypass Input Filters (capec-3) | 100% | live
AttackPattern | Double Encoding (capec-120) | 100% | live

(incoming) · 4

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-53762 (cve-2025-53762) | 0% | live
Vulnerability | CVE-2026-29514 (cve-2026-29514) | 0% | live
Vulnerability | CVE-2026-33979 (cve-2026-33979) | 0% | live
Vulnerability | CVE-2026-42043 (cve-2026-42043) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Incomplete List of Disallowed Inputs
  • CWE: Reliance on Untrusted Inputs in a Security Decision
  • CWE: Misinterpretation of Input
  • CWE: Improper Control of Resource Identifiers ('Resource Injection')
  • CWE: Violation of Secure Design Principles
  • CWE: Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.