Base · Draft

CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data

Category: other

Description

The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

Common consequences · 1

  • Access Control / Integrity — Bypass Protection Mechanism, Modify Application Data
    An attacker could package untrusted data with trusted data to bypass protection mechanisms to gain access to and possibly modify sensitive data.

Related CAPEC attack patterns · 3

CAPEC-141, CAPEC-142, CAPEC-75

References

  1. https://cwe.mitre.org/data/definitions/349.html

Exploits (incoming) · 3

Type | Target | Confidence | Tier
AttackPattern | Cache Poisoning (capec-141) | 100% | live
AttackPattern | Manipulating Writeable Configuration Files (capec-75) | 100% | live
AttackPattern | DNS Cache Poisoning (capec-142) | 100% | live

(incoming) · 4

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-40776 (cve-2025-40776) | 0% | live
Vulnerability | CVE-2025-40778 (cve-2025-40778) | 0% | live
Vulnerability | CVE-2026-32162 (cve-2026-32162) | 0% | live
Vulnerability | CVE-2026-42960 (cve-2026-42960) | 0% | live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Insufficient Verification of Data Authenticity
  • CWE: Deserialization of Untrusted Data
  • CWE: Improper Verification of Cryptographic Signature
  • CWE: Trust Boundary Violation
  • CWE: Improper Neutralization of Multiple Internal Special Elements
  • CWE: Improper Neutralization of Multiple Leading Special Elements

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.