Base · Draft

CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

Category: injection

Description

The product uses CRLF (carriage return, line feed) as a special element, e.g. to separate lines or records, but it does not neutralize, or incorrectly neutralizes, CRLF sequences from inputs.

Common consequences (1)

  • Integrity — Modify Application Data

Potential mitigations (2)

  • [Implementation] Avoid using CRLF as a special sequence.
  • [Implementation] Appropriately filter or quote CRLF sequences in user-controlled input.
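As an added example (not part of the CWE entry or MITRE's guidance), the following Python applies the second mitigation to a CRLF-delimited log record and shows the caveat that removing only the exact CRLF pair leaves a bare CR or LF behind; the function names and the sample input are constructed for illustration.

```python
from urllib.parse import unquote

def sanitize_record_field(value: str) -> str:
    """Percent-encode CR, LF and '%' so a field can never span or forge a record.

    Encoding '%' too keeps the mapping reversible: the sanitized field contains
    no raw CR/LF, and unquote() recovers the original text exactly.
    """
    return (value.replace("%", "%25")
                 .replace("\r", "%0D")
                 .replace("\n", "%0A"))

def naive_strip_crlf(value: str) -> str:
    """Common but insufficient fix: only the two-byte CRLF pair is removed,
    so a bare CR or bare LF survives and many consumers still split on it."""
    return value.replace("\r\n", "")

def make_log_record(user: str, action: str) -> str:
    """Build one CRLF-terminated record with every field neutralized."""
    return (f"user={sanitize_record_field(user)} "
            f"action={sanitize_record_field(action)}\r\n")

def make_log_record_unsafe(user: str, action: str) -> str:
    """The vulnerable form: user-controlled text reaches the record as-is."""
    return f"user={user} action={action}\r\n"

def record_count_strict(data: str) -> int:
    """Consumer that splits records on the exact CRLF delimiter only."""
    return len([r for r in data.split("\r\n") if r])

def record_count_lenient(data: str) -> int:
    """Consumer that, like most log viewers, treats CR, LF or CRLF as a break."""
    return len([r for r in data.splitlines() if r])

# Constructed sample input (hypothetical): a username that carries a CRLF
# followed by a fabricated record claiming an admin login.
FORGED_USER = "alice\r\nuser=admin action=login"
# Same idea with a bare LF, which the naive fix does not touch.
FORGED_USER_LF = "bob\nuser=admin"

if __name__ == "__main__":
    print(repr(make_log_record_unsafe(FORGED_USER, "login")))  # two records
    print(repr(make_log_record(FORGED_USER, "login")))         # one record
```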

Related CAPEC attack patterns (2)

CAPEC-15, CAPEC-81

References

  1. https://cwe.mitre.org/data/definitions/93.html

Exploits (incoming): 2

Type          | Target                                  | Confidence | Tier
AttackPattern | Command Delimiters (capec-15)           | 100%       | live
AttackPattern | Web Server Logs Tampering (capec-81)    | 100%       | live

(incoming): 25

Type          | Target                                                                              | Confidence | Tier
Vulnerability | CVE-2025-28357 (cve-2025-28357)                                                     | 0%         | live
Vulnerability | CVE-2025-59151 (cve-2025-59151)                                                     | 0%         | live
Vulnerability | Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability (cve-2025-61884) | 0%   | live
Vulnerability | CVE-2025-8715 (cve-2025-8715)                                                       | 0%         | live
Vulnerability | CVE-2026-1714 (cve-2026-1714)                                                       | 0%         | live
Vulnerability | CVE-2026-23953 (cve-2026-23953)                                                     | 0%         | live
Vulnerability | CVE-2026-29046 (cve-2026-29046)                                                     | 0%         | live
Vulnerability | CVE-2026-32993 (cve-2026-32993)                                                     | 0%         | live
Vulnerability | CVE-2026-33128 (cve-2026-33128)                                                     | 0%         | live
Vulnerability | CVE-2026-34458 (cve-2026-34458)                                                     | 0%         | live
Vulnerability | CVE-2026-35517 (cve-2026-35517)                                                     | 0%         | live
Vulnerability | CVE-2026-35518 (cve-2026-35518)                                                     | 0%         | live
Vulnerability | CVE-2026-35519 (cve-2026-35519)                                                     | 0%         | live
Vulnerability | CVE-2026-35520 (cve-2026-35520)                                                     | 0%         | live
Vulnerability | CVE-2026-35521 (cve-2026-35521)                                                     | 0%         | live
Vulnerability | CVE-2026-39394 (cve-2026-39394)                                                     | 0%         | live
Vulnerability | CVE-2026-39849 (cve-2026-39849)                                                     | 0%         | live
Vulnerability | CVE-2026-39958 (cve-2026-39958)                                                     | 0%         | live
Vulnerability | CVE-2026-39983 (cve-2026-39983)                                                     | 0%         | live
Vulnerability | CVE-2026-41230 (cve-2026-41230)                                                     | 0%         | live
Vulnerability | CVE-2026-42257 (cve-2026-42257)                                                     | 0%         | live
Vulnerability | CVE-2026-42258 (cve-2026-42258)                                                     | 0%         | live
Vulnerability | CVE-2026-46720 (cve-2026-46720)                                                     | 0%         | live
Vulnerability | CVE-2026-5140 (cve-2026-5140)                                                       | 0%         | live
KEVEntry      | Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability (kev-cve-2022-27924) | 0% | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Neutralization of Line Delimiters
  • CWE: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
  • CWE: Improper Neutralization of Record Delimiters
  • CWE: Improper Neutralization of Multiple Leading Special Elements
  • CWE: Improper Neutralization of Leading Special Elements
  • CWE: Improper Neutralization of Trailing Special Elements

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.