Base · Incomplete

CWE-356: Product UI does not Warn User of Unsafe Actions

Category: other

Description

The product's user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into inflicting damage to their system. Product systems should warn users that a potentially dangerous action may occur if the user proceeds. For example, if the user downloads a file from an unknown source and attempts to execute the file on their machine, then the application's GUI can indicate that the file is unsafe.

Common consequences · 1

  • Non-Repudiation — Hide Activities

References

  1. https://cwe.mitre.org/data/definitions/356.html

(incoming) · 4

Type            Target            Confidence   Tier
Vulnerability   CVE-2025-2450     0%           live
Vulnerability   CVE-2025-3839     0%           live
Vulnerability   CVE-2025-3909     0%           live
Vulnerability   CVE-2026-25805    0%           live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Insufficient UI Warning of Dangerous Operations
  • CWE: Multiple Interpretations of UI Input
  • CWE: Omission of Security-relevant Information
  • CWE: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE: User Interface (UI) Misrepresentation of Critical Information
  • CWE: Download of Code Without Integrity Check

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.