Class · Draft

CWE-346: Origin Validation Error

Category: other

Description

The product does not properly verify that the source of data or communication is valid.

Common consequences · 1

  • Access Control / Other — Gain Privileges or Assume Identity, Varies by Context
    An attacker can access any functionality that is inadvertently accessible to the source.

Related CAPEC attack patterns · 16

CAPEC-111, CAPEC-141, CAPEC-142, CAPEC-160, CAPEC-21, CAPEC-384, CAPEC-385, CAPEC-386, CAPEC-387, CAPEC-388, CAPEC-510, CAPEC-59, CAPEC-60, CAPEC-75, CAPEC-76, CAPEC-89

References

  1. https://cwe.mitre.org/data/definitions/346.html

Exploits (incoming) · 16

Type | Target | Confidence | Tier
AttackPattern | Transaction or Event Tampering via Application API Manipulation (capec-385) | 100% | live
AttackPattern | Manipulating Web Input to File System Calls (capec-76) | 100% | live
AttackPattern | Manipulating Writeable Configuration Files (capec-75) | 100% | live
AttackPattern | SaaS User Request Forgery (capec-510) | 100% | live
AttackPattern | Pharming (capec-89) | 100% | live
AttackPattern | DNS Cache Poisoning (capec-142) | 100% | live
AttackPattern | Exploit Script-Based APIs (capec-160) | 100% | live
AttackPattern | JSON Hijacking (aka JavaScript Hijacking) (capec-111) | 100% | live
AttackPattern | Application API Message Manipulation via Man-in-the-Middle (capec-384) | 100% | live
AttackPattern | Reusing Session IDs (aka Session Replay) (capec-60) | 100% | live
AttackPattern | Exploitation of Trusted Identifiers (capec-21) | 100% | live
AttackPattern | Cache Poisoning (capec-141) | 100% | live
AttackPattern | Application API Navigation Remapping (capec-386) | 100% | live
AttackPattern | Application API Button Hijacking (capec-388) | 100% | live
AttackPattern | Navigation Remapping To Propagate Malicious Content (capec-387) | 100% | live
AttackPattern | Session Credential Falsification through Prediction (capec-59) | 100% | live

Compliance frameworks addressing this (incoming) · 1

Type | Target | Confidence | Tier
ComplianceControl | owasp_llm_top10-llm01 | 100% | live

(incoming) · 36

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-10201 (cve-2025-10201) | 0% | live
Vulnerability | CVE-2025-14279 (cve-2025-14279) | 0% | live
Vulnerability | CVE-2025-23023 (cve-2025-23023) | 0% | live
Vulnerability | CVE-2025-25306 (cve-2025-25306) | 0% | live
Vulnerability | CVE-2025-30466 (cve-2025-30466) | 0% | live
Vulnerability | Langflow Origin Validation Error Vulnerability (cve-2025-34291) | 0% | live
Vulnerability | CVE-2025-4839 (cve-2025-4839) | 0% | live
Vulnerability | CVE-2025-51605 (cve-2025-51605) | 0% | live
Vulnerability | CVE-2025-59159 (cve-2025-59159) | 0% | live
Vulnerability | CVE-2025-59845 (cve-2025-59845) | 0% | live
Vulnerability | CVE-2025-63386 (cve-2025-63386) | 0% | live
Vulnerability | CVE-2025-63388 (cve-2025-63388) | 0% | live
Vulnerability | CVE-2025-69258 (cve-2025-69258) | 0% | live
Vulnerability | CVE-2025-7659 (cve-2025-7659) | 0% | live
Vulnerability | CVE-2025-9180 (cve-2025-9180) | 0% | live
Vulnerability | CVE-2026-22794 (cve-2026-22794) | 0% | live
Vulnerability | CVE-2026-23552 (cve-2026-23552) | 0% | live
Vulnerability | CVE-2026-2611 (cve-2026-2611) | 0% | live
Vulnerability | CVE-2026-26861 (cve-2026-26861) | 0% | live
Vulnerability | CVE-2026-27192 (cve-2026-27192) | 0% | live
Vulnerability | CVE-2026-27478 (cve-2026-27478) | 0% | live
Vulnerability | CVE-2026-2790 (cve-2026-2790) | 0% | live
Vulnerability | CVE-2026-32302 (cve-2026-32302) | 0% | live
Vulnerability | CVE-2026-32634 (cve-2026-32634) | 0% | live
Vulnerability | CVE-2026-34359 (cve-2026-34359) | 0% | live
Vulnerability | CVE-2026-34373 (cve-2026-34373) | 0% | live
Vulnerability | CVE-2026-35408 (cve-2026-35408) | 0% | live
Vulnerability | CVE-2026-35577 (cve-2026-35577) | 0% | live
Vulnerability | CVE-2026-41342 (cve-2026-41342) | 0% | live
Vulnerability | CVE-2026-42559 (cve-2026-42559) | 0% | live

Showing top 30 of 36 by confidence.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Insufficient Verification of Data Authenticity
  • CWE: Improper Input Validation
  • CWE: Encoding Error
  • CWE: Improper Certificate Validation
  • CWE: Improper Verification of Cryptographic Signature
  • CWE: Improper Validation of Consistency within Input

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.