BaseIncomplete
CWE-807Reliance on Untrusted Inputs in a Security Decision
Category: other
Description
The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
Common consequences· 1
- Confidentiality / Access Control / Availability / Other — Bypass Protection Mechanism, Gain Privileges or Assume Identity, Varies by ContextAttackers can bypass the security decision to access whatever is being protected. The consequences will depend on the associated functionality, but they can range from granting additional privileges to untrusted users to bypassing important security checks. Ultimately, this weakness may lead to exposure or modification of sensitive data, system crash, or execution of arbitrary code.
Potential mitigations· 5
- [Architecture and Design]
- [Architecture and Design]
- [Architecture and Design]For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
- [Operation, Implementation]When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues.
- [Architecture and Design, Implementation]
References
(incoming)16
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-1126cve-2025-1126 | 0% | live |
| Vulnerability | CVE-2025-12487cve-2025-12487 | 0% | live |
| Vulnerability | CVE-2025-12488cve-2025-12488 | 0% | live |
| Vulnerability | CVE-2025-13926cve-2025-13926 | 0% | live |
| Vulnerability | CVE-2025-49827cve-2025-49827 | 0% | live |
| Vulnerability | CVE-2025-66570cve-2025-66570 | 0% | live |
| Vulnerability | Microsoft Office Security Feature Bypass Vulnerabilitycve-2026-21509 | 0% | live |
| Vulnerability | Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerabilitycve-2026-21514 | 0% | live |
| Vulnerability | CVE-2026-27707cve-2026-27707 | 0% | live |
| Vulnerability | CVE-2026-32975cve-2026-32975 | 0% | live |
| Vulnerability | CVE-2026-33068cve-2026-33068 | 0% | live |
| Vulnerability | CVE-2026-35670cve-2026-35670 | 0% | live |
| Vulnerability | CVE-2026-43935cve-2026-43935 | 0% | live |
| KEVEntry | Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerabilitykev-cve-2019-9621 | 0% | live |
| KEVEntry | Microsoft Office Security Feature Bypass Vulnerabilitykev-cve-2026-21509 | 0% | live |
| KEVEntry | Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerabilitykev-cve-2026-21514 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.