Class · Incomplete

CWE-436: Interpretation Conflict

Category: other

Description

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state. This is generally found in proxies, firewalls, anti-virus software, and other intermediary devices that monitor, allow, deny, or modify traffic based on how the client or server is expected to behave.

Common consequences · 1

  • Integrity / Other — Unexpected State, Varies by Context

Related CAPEC attack patterns · 3

CAPEC-105, CAPEC-273, CAPEC-34

References

  1. https://cwe.mitre.org/data/definitions/436.html

Exploits (incoming) · 3

Type | Target | Confidence | Tier
AttackPattern | HTTP Response Splitting (capec-34) | 100% | live
AttackPattern | HTTP Response Smuggling (capec-273) | 100% | live
AttackPattern | HTTP Request Splitting (capec-105) | 100% | live

(incoming) · 12

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-12816 (cve-2025-12816) | 0% | live
Vulnerability | CVE-2025-25291 (cve-2025-25291) | 0% | live
Vulnerability | CVE-2025-25292 (cve-2025-25292) | 0% | live
Vulnerability | Git Link Following Vulnerability (cve-2025-48384) | 0% | live
Vulnerability | CVE-2026-32052 (cve-2026-32052) | 0% | live
Vulnerability | CVE-2026-33804 (cve-2026-33804) | 0% | live
Vulnerability | CVE-2026-33807 (cve-2026-33807) | 0% | live
Vulnerability | CVE-2026-40165 (cve-2026-40165) | 0% | live
Vulnerability | CVE-2026-41248 (cve-2026-41248) | 0% | live
Vulnerability | CVE-2026-6270 (cve-2026-6270) | 0% | live
Vulnerability | CVE-2026-8034 (cve-2026-8034) | 0% | live
KEVEntry | Git Link Following Vulnerability (kev-cve-2025-48384) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE — Improper Interaction Between Multiple Correctly-Behaving Entities
  • CWE — Behavioral Change in New Version or Environment
  • CWE — Unintended Proxy or Intermediary ('Confused Deputy')
  • CWE — Observable Discrepancy
  • CWE — Observable Behavioral Discrepancy
  • CWE — Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.