Class · Draft

CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

Category: injection

Description

The product does not adequately filter user-controlled input for special elements with control implications.

Common consequences · 1

  • Integrity / Confidentiality / Availability — Modify Application Data, Execute Unauthorized Code or Commands

Potential mitigations · 2

  • [Requirements] Programming languages and supporting technologies might be chosen which are not subject to these issues.
  • [Implementation] Utilize an appropriate mix of allowlist and denylist parsing to filter special element syntax from all input.

Related CAPEC attack patterns · 2

CAPEC-81, CAPEC-93

References

  1. https://cwe.mitre.org/data/definitions/75.html

Exploits (incoming) · 2

Type | Target | Confidence | Tier
AttackPattern | Web Server Logs Tampering (capec-81) | 100% | live
AttackPattern | Log Injection-Tampering-Forging (capec-93) | 100% | live

(incoming) · 3

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-50213 (cve-2025-50213) | 0% | live
Vulnerability | CVE-2026-29042 (cve-2026-29042) | 0% | live
Vulnerability | CVE-2026-31908 (cve-2026-31908) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Handling of Invalid Use of Special Elements
  • CWE: Insufficient Type Distinction
  • CWE: Improper Neutralization of Special Elements Used in a Template Engine
  • CWE: Improper Handling of Additional Special Element
  • CWE: Improper Neutralization of Internal Special Elements
  • CWE: Improper Neutralization of Multiple Internal Special Elements

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.