Common Weakness Enumeration

CWE-1287

Allowed

Improper Validation of Specified Type of Input

Abstraction: Base · Status: Incomplete

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

259 vulnerabilities reference this CWE, most recent first.

CVE-2026-26115 (GCVE-0-2026-26115)

Vulnerability from cvelistv5 – Published: 2026-03-10 17:05 – Updated: 2026-06-19 18:17
VLAI
Title
SQL Server Elevation of Privilege Vulnerability
Summary
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
Date Public
2026-03-10 14:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-26115",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-11T03:55:59.792025Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T13:08:16.518Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "13.0.6480.4",
              "status": "affected",
              "version": "13.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "13.0.7075.5",
              "status": "affected",
              "version": "13.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2017 (CU 31)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.3520.4",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2017 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.2100.4",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 32)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4460.4",
              "status": "affected",
              "version": "15.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2160.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1170.5",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for x64-based Systems (CU 23)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4240.4",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2025 (CU 2)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.4020.2",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2025 for x64-based Systems (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.1105.2",
              "status": "affected",
              "version": "17.0.1050.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "17.0.1105.2",
                  "versionStartIncluding": "17.0.1050.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
                  "versionEndExcluding": "14.0.2100.4",
                  "versionStartIncluding": "14.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*",
                  "versionEndExcluding": "13.0.6480.4",
                  "versionStartIncluding": "13.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
                  "versionEndExcluding": "14.0.3520.4",
                  "versionStartIncluding": "14.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "16.0.1170.5",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "15.0.4460.4",
                  "versionStartIncluding": "15.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "16.0.4240.4",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "17.0.4020.2",
                  "versionStartIncluding": "17.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "15.0.2160.4",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*",
                  "versionEndExcluding": "13.0.7075.5",
                  "versionStartIncluding": "13.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-03-10T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1287",
              "description": "CWE-1287: Improper Validation of Specified Type of Input",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T18:17:49.951Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "SQL Server Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26115"
        }
      ],
      "title": "SQL Server Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-26115",
    "datePublished": "2026-03-10T17:05:07.320Z",
    "dateReserved": "2026-02-11T15:52:13.910Z",
    "dateUpdated": "2026-06-19T18:17:49.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25783 (GCVE-0-2026-25783)

Vulnerability from cvelistv5 – Published: 2026-03-16 12:04 – Updated: 2026-03-16 13:49
VLAI
Title
Denial of service via malformed User-Agent header in getBrowserVersion
Summary
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
URL Tags
https://mattermost.com/security-updates vendor-advisory
Impacted products
Vendor Product Version
Mattermost Mattermost Affected: 11.3.0 , ≤ 11.3.0 (semver)
Affected: 11.2.0 , ≤ 11.2.2 (semver)
Affected: 10.11.0 , ≤ 10.11.10 (semver)
Unaffected: 11.4.0
Unaffected: 11.3.1
Unaffected: 11.2.3
Unaffected: 10.11.11
Create a notification for this product.
Credits
winfunc
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25783",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-16T13:41:45.426064Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-16T13:49:55.332Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "11.3.0",
              "status": "affected",
              "version": "11.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.2.2",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.11.10",
              "status": "affected",
              "version": "10.11.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "11.4.0"
            },
            {
              "status": "unaffected",
              "version": "11.3.1"
            },
            {
              "status": "unaffected",
              "version": "11.2.3"
            },
            {
              "status": "unaffected",
              "version": "10.11.11"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "winfunc"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mattermost versions 11.3.x \u003c= 11.3.0, 11.2.x \u003c= 11.2.2, 10.11.x \u003c= 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1287",
              "description": "CWE-1287: Improper Validation of Specified Type of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-16T12:04:18.478Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "name": "MMSA-2026-00586",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update Mattermost to versions 11.4.0, 11.3.1, 11.2.3, 10.11.11 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2026-00586",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-67273"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Denial of service via malformed User-Agent header in getBrowserVersion",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2026-25783",
    "datePublished": "2026-03-16T12:04:18.478Z",
    "dateReserved": "2026-02-13T10:01:31.949Z",
    "dateUpdated": "2026-03-16T13:49:55.332Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25179 (GCVE-0-2026-25179)

Vulnerability from cvelistv5 – Published: 2026-03-10 17:04 – Updated: 2026-06-19 18:17
VLAI
Title
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Summary
Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
Impacted products
Vendor Product Version
Microsoft Windows 10 Version 1607 Affected: 10.0.14393.0 , < 10.0.14393.8957 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1809 Affected: 10.0.17763.0 , < 10.0.17763.8511 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 21H2 Affected: 10.0.19044.0 , < 10.0.19044.7058 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 22H2 Affected: 10.0.19045.0 , < 10.0.19045.7058 (custom)
Create a notification for this product.
Microsoft Windows 11 version 22H3 Affected: 10.0.22631.0 , < 10.0.22631.6783 (custom)
Create a notification for this product.
Microsoft Windows 11 Version 23H2 Affected: 10.0.22631.0 , < 10.0.22631.6783 (custom)
Create a notification for this product.
Microsoft Windows 11 Version 24H2 Affected: 10.0.26100.0 , < 10.0.26100.8037 (custom)
Create a notification for this product.
Microsoft Windows 11 Version 25H2 Affected: 10.0.26200.0 , < 10.0.26200.8037 (custom)
Create a notification for this product.
Microsoft Windows 11 version 26H1 Affected: 10.0.28000.0 , < 10.0.28000.1719 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 Affected: 6.2.9200.0 , < 6.2.9200.25973 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.9200.0 , < 6.2.9200.25973 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 R2 Affected: 6.3.9600.0 , < 6.3.9600.23074 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.9600.0 , < 6.3.9600.23074 (custom)
Create a notification for this product.
Microsoft Windows Server 2016 Affected: 10.0.14393.0 , < 10.0.14393.8957 (custom)
Create a notification for this product.
Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.14393.0 , < 10.0.14393.8957 (custom)
Create a notification for this product.
Microsoft Windows Server 2019 Affected: 10.0.17763.0 , < 10.0.17763.8511 (custom)
Create a notification for this product.
Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.17763.0 , < 10.0.17763.8511 (custom)
Create a notification for this product.
Microsoft Windows Server 2022 Affected: 10.0.20348.0 , < 10.0.20348.4893 (custom)
Create a notification for this product.
Microsoft Windows Server 2022, 23H2 Edition (Server Core installation) Affected: 10.0.25398.0 , < 10.0.25398.2207 (custom)
Create a notification for this product.
Microsoft Windows Server 2025 Affected: 10.0.26100.0 , < 10.0.26100.32522 (custom)
Create a notification for this product.
Microsoft Windows Server 2025 (Server Core installation) Affected: 10.0.26100.0 , < 10.0.26100.32522 (custom)
Create a notification for this product.
Date Public
2026-03-10 14:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25179",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-05T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T03:56:03.128Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.8957",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.8511",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.7058",
              "status": "affected",
              "version": "10.0.19044.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.7058",
              "status": "affected",
              "version": "10.0.19045.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 22H3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.6783",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 23H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.6783",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 24H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.8037",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 25H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26200.8037",
              "status": "affected",
              "version": "10.0.26200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 26H1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.28000.1719",
              "status": "affected",
              "version": "10.0.28000.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.25973",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.25973",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.23074",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.23074",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.8957",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.8957",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.8511",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.8511",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.4893",
              "status": "affected",
              "version": "10.0.20348.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.25398.2207",
              "status": "affected",
              "version": "10.0.25398.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.32522",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.32522",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.28000.1719",
                  "versionStartIncluding": "10.0.28000.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.17763.8511",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.8511",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.8511",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.20348.4893",
                  "versionStartIncluding": "10.0.20348.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.19044.7058",
                  "versionStartIncluding": "10.0.19044.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.19045.7058",
                  "versionStartIncluding": "10.0.19045.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.26100.32522",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.26200.8037",
                  "versionStartIncluding": "10.0.26200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22631.6783",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22631.6783",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.25398.2207",
                  "versionStartIncluding": "10.0.25398.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.26100.8037",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.26100.32522",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.14393.8957",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.8957",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.8957",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.25973",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.25973",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.23074",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.23074",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-03-10T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1287",
              "description": "CWE-1287: Improper Validation of Specified Type of Input",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T18:17:40.913Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25179"
        }
      ],
      "title": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-25179",
    "datePublished": "2026-03-10T17:04:55.821Z",
    "dateReserved": "2026-01-29T18:36:49.695Z",
    "dateUpdated": "2026-06-19T18:17:40.913Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24307 (GCVE-0-2026-24307)

Vulnerability from cvelistv5 – Published: 2026-01-22 22:47 – Updated: 2026-04-01 13:49 Exclusively Hosted Service
VLAI
Title
M365 Copilot Information Disclosure Vulnerability
Summary
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
Impacted products
Date Public
2026-01-22 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24307",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-24T04:55:15.704128Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T14:44:29.418Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft 365 Copilot",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:365_copilot:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-01-22T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1287",
              "description": "CWE-1287: Improper Validation of Specified Type of Input",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T13:49:25.685Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "M365 Copilot Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24307"
        }
      ],
      "tags": [
        "exclusively-hosted-service"
      ],
      "title": "M365 Copilot Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-24307",
    "datePublished": "2026-01-22T22:47:36.934Z",
    "dateReserved": "2026-01-21T21:28:02.969Z",
    "dateUpdated": "2026-04-01T13:49:25.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20119 (GCVE-0-2026-20119)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:12 – Updated: 2026-02-12 18:49
VLAI
Title
Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability
Summary
A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of input received by an affected device. An attacker could exploit this vulnerability by getting the affected device to render crafted text, for example, a crafted meeting invitation. As indicated in the CVSS score, no user interaction is required, such as accepting the meeting invitation. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1287 - Improper Validation of Specified Type of Input
Assigner
Impacted products
Vendor Product Version
Cisco Cisco RoomOS Software Affected: RoomOS 10.11.2.2
Affected: RoomOS 10.15.2.2
Affected: RoomOS 11.5.4.6
Affected: RoomOS 11.5.2.4
Affected: RoomOS 10.8.2.5
Affected: RoomOS 10.11.5.2
Affected: RoomOS 10.11.3.0
Affected: RoomOS 10.15.5.3
Affected: RoomOS 10.19.2.2
Affected: RoomOS 11.1.3.1
Affected: RoomOS 10.11.6.0
Affected: RoomOS 10.19.3.0
Affected: RoomOS 10.19.4.2
Affected: RoomOS 10.3.2.4
Affected: RoomOS 10.3.4.0
Affected: RoomOS 10.15.3.0
Affected: RoomOS 11.1.4.1
Affected: RoomOS 11.14.2.3
Affected: RoomOS 11.1.2.4
Affected: RoomOS 10.8.3.1
Affected: RoomOS 11.14.2.1
Affected: RoomOS 10.3.3.0
Affected: RoomOS 10.8.4.0
Affected: RoomOS 10.15.4.1
Affected: RoomOS 10.19.5.6
Affected: RoomOS 10.11.4.1
Affected: RoomOS 11.9.3.1
Affected: RoomOS 11.5.3.3
Affected: RoomOS 10.3.2.0
Affected: RoomOS 11.9.2.4
Affected: RoomOS 11.14.3.0
Affected: RoomOS 11.17.2.2
Affected: RoomOS 11.14.4.0
Affected: RoomOS 10.19 StepUpg
Affected: RoomOS 11.17.3.0
Affected: RoomOS 11.20.2.3
Affected: RoomOS 11.14.5.0
Affected: RoomOS 11.17.4.0
Affected: RoomOS 11.20.3.0
Affected: RoomOS 11.23.1.6
Affected: RoomOS 11.23.1.8
Affected: RoomOS 11.24.1.5
Affected: RoomOS 11.24.2.4
Affected: RoomOS 11.24.3.0
Affected: RoomOS 11.24.4.1
Affected: RoomOS 11.27.2.0
Affected: RoomOS 11.28.1.3
Affected: RoomOS 11.27.3.0
Affected: RoomOS 11.31.1.5
Affected: RoomOS 11.27.4.0
Affected: RoomOS 11.32.2.1
Create a notification for this product.
Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.3.0
Affected: CE9.10.2
Affected: CE9.2.6
Affected: CE9.5.0
Affected: CE9.3.3
Affected: CE9.1.4
Affected: CE9.3.2
Affected: CE9.4.2
Affected: CE9.3.1
Affected: CE9.2.5
Affected: CE9.9.3
Affected: CE9.5.3
Affected: CE9.10.3
Affected: CE9.1.5
Affected: CE9.5.2
Affected: CE9.4.1
Affected: CE9.6.1
Affected: CE9.2.4
Affected: CE9.5.1
Affected: CE9.10.1
Affected: CE9.1.2
Affected: CE9.1.1
Affected: CE9.9.4
Affected: CE9.2.1
Affected: CE9.1.3
Affected: CE9.0.1
Affected: CE9.1.6
Affected: CE9.2.2
Affected: CE9.4.0
Affected: CE9.10.0
Affected: CE9.2.3
Affected: CE9.12.3
Affected: CE9.15.18.4
Affected: CE9.15.3.14
Affected: CE9.15.18.6
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20119",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-04T16:41:56.418229Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-04T16:42:15.817Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco RoomOS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "RoomOS 10.11.2.2"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.15.2.2"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.5.4.6"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.5.2.4"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.8.2.5"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.11.5.2"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.11.3.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.15.5.3"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.19.2.2"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.1.3.1"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.11.6.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.19.3.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.19.4.2"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.3.2.4"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.3.4.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.15.3.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.1.4.1"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.14.2.3"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.1.2.4"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.8.3.1"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.14.2.1"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.3.3.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.8.4.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.15.4.1"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.19.5.6"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.11.4.1"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.9.3.1"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.5.3.3"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.3.2.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.9.2.4"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.14.3.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.17.2.2"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.14.4.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.19 StepUpg"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.17.3.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.20.2.3"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.14.5.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.17.4.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.20.3.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.23.1.6"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.23.1.8"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.24.1.5"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.24.2.4"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.24.3.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.24.4.1"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.27.2.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.28.1.3"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.27.3.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.31.1.5"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.27.4.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 11.32.2.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco TelePresence Endpoint Software (TC/CE)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "CE9.3.0"
            },
            {
              "status": "affected",
              "version": "CE9.10.2"
            },
            {
              "status": "affected",
              "version": "CE9.2.6"
            },
            {
              "status": "affected",
              "version": "CE9.5.0"
            },
            {
              "status": "affected",
              "version": "CE9.3.3"
            },
            {
              "status": "affected",
              "version": "CE9.1.4"
            },
            {
              "status": "affected",
              "version": "CE9.3.2"
            },
            {
              "status": "affected",
              "version": "CE9.4.2"
            },
            {
              "status": "affected",
              "version": "CE9.3.1"
            },
            {
              "status": "affected",
              "version": "CE9.2.5"
            },
            {
              "status": "affected",
              "version": "CE9.9.3"
            },
            {
              "status": "affected",
              "version": "CE9.5.3"
            },
            {
              "status": "affected",
              "version": "CE9.10.3"
            },
            {
              "status": "affected",
              "version": "CE9.1.5"
            },
            {
              "status": "affected",
              "version": "CE9.5.2"
            },
            {
              "status": "affected",
              "version": "CE9.4.1"
            },
            {
              "status": "affected",
              "version": "CE9.6.1"
            },
            {
              "status": "affected",
              "version": "CE9.2.4"
            },
            {
              "status": "affected",
              "version": "CE9.5.1"
            },
            {
              "status": "affected",
              "version": "CE9.10.1"
            },
            {
              "status": "affected",
              "version": "CE9.1.2"
            },
            {
              "status": "affected",
              "version": "CE9.1.1"
            },
            {
              "status": "affected",
              "version": "CE9.9.4"
            },
            {
              "status": "affected",
              "version": "CE9.2.1"
            },
            {
              "status": "affected",
              "version": "CE9.1.3"
            },
            {
              "status": "affected",
              "version": "CE9.0.1"
            },
            {
              "status": "affected",
              "version": "CE9.1.6"
            },
            {
              "status": "affected",
              "version": "CE9.2.2"
            },
            {
              "status": "affected",
              "version": "CE9.4.0"
            },
            {
              "status": "affected",
              "version": "CE9.10.0"
            },
            {
              "status": "affected",
              "version": "CE9.2.3"
            },
            {
              "status": "affected",
              "version": "CE9.12.3"
            },
            {
              "status": "affected",
              "version": "CE9.15.18.4"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.14"
            },
            {
              "status": "affected",
              "version": "CE9.15.18.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of input received by an affected device. An attacker could exploit this vulnerability by getting the affected device to render crafted text, for example, a crafted meeting invitation. As indicated in the CVSS score, no user interaction is required, such as accepting the meeting invitation. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1287",
              "description": "Improper Validation of Specified Type of Input",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-12T18:49:48.060Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-tce-roomos-dos-9V9jrC2q",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q"
        }
      ],
      "source": {
        "advisory": "cisco-sa-tce-roomos-dos-9V9jrC2q",
        "defects": [
          "CSCws04170"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20119",
    "datePublished": "2026-02-04T16:12:04.796Z",
    "dateReserved": "2025-10-08T11:59:15.377Z",
    "dateUpdated": "2026-02-12T18:49:48.060Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20074 (GCVE-0-2026-20074)

Vulnerability from cvelistv5 – Published: 2026-03-11 16:31 – Updated: 2026-03-11 17:20
VLAI
Title
Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability
Summary
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending crafted IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process to restart unexpectedly, resulting in a temporary loss of connectivity to advertised networks and a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency.&nbsp;&nbsp;
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1287 - Improper Validation of Specified Type of Input
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 7.8.1
Affected: 7.9.1
Affected: 7.10.1
Affected: 7.8.2
Affected: 7.8.22
Affected: 7.9.2
Affected: 7.11.1
Affected: 7.9.21
Affected: 7.10.2
Affected: 24.1.1
Affected: 7.11.2
Affected: 24.2.1
Affected: 24.1.2
Affected: 24.2.11
Affected: 24.3.1
Affected: 24.4.1
Affected: 24.2.2
Affected: 7.8.23
Affected: 7.11.21
Affected: 24.2.20
Affected: 24.3.2
Affected: 24.4.10
Affected: 25.1.1
Affected: 24.4.2
Affected: 24.3.20
Affected: 24.4.15
Affected: 25.2.1
Affected: 25.1.2
Affected: 24.3.30
Affected: 24.4.30
Affected: 24.2.21
Affected: 25.2.15
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20074",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-11T17:04:46.266844Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T17:20:21.640Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.9.21"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "7.11.2"
            },
            {
              "status": "affected",
              "version": "24.2.1"
            },
            {
              "status": "affected",
              "version": "24.1.2"
            },
            {
              "status": "affected",
              "version": "24.2.11"
            },
            {
              "status": "affected",
              "version": "24.3.1"
            },
            {
              "status": "affected",
              "version": "24.4.1"
            },
            {
              "status": "affected",
              "version": "24.2.2"
            },
            {
              "status": "affected",
              "version": "7.8.23"
            },
            {
              "status": "affected",
              "version": "7.11.21"
            },
            {
              "status": "affected",
              "version": "24.2.20"
            },
            {
              "status": "affected",
              "version": "24.3.2"
            },
            {
              "status": "affected",
              "version": "24.4.10"
            },
            {
              "status": "affected",
              "version": "25.1.1"
            },
            {
              "status": "affected",
              "version": "24.4.2"
            },
            {
              "status": "affected",
              "version": "24.3.20"
            },
            {
              "status": "affected",
              "version": "24.4.15"
            },
            {
              "status": "affected",
              "version": "25.2.1"
            },
            {
              "status": "affected",
              "version": "25.1.2"
            },
            {
              "status": "affected",
              "version": "24.3.30"
            },
            {
              "status": "affected",
              "version": "24.4.30"
            },
            {
              "status": "affected",
              "version": "24.2.21"
            },
            {
              "status": "affected",
              "version": "25.2.15"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly.\r\n\r\nThis vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending crafted IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process to restart unexpectedly, resulting in a temporary loss of connectivity to advertised networks and a denial of service (DoS) condition.\r\nNote: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency.\u0026nbsp;\u0026nbsp;"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1287",
              "description": "Improper Validation of Specified Type of Input",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-11T16:31:14.712Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-isis-dos-kDMxpSzK",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK"
        }
      ],
      "source": {
        "advisory": "cisco-sa-isis-dos-kDMxpSzK",
        "defects": [
          "CSCwq71827"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20074",
    "datePublished": "2026-03-11T16:31:14.712Z",
    "dateReserved": "2025-10-08T11:59:15.362Z",
    "dateUpdated": "2026-03-11T17:20:21.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-11460 (GCVE-0-2026-11460)

Vulnerability from cvelistv5 – Published: 2026-06-07 19:30 – Updated: 2026-06-08 13:45
VLAI
Title
Boost Serialization improper validation of specified type of input
Summary
A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notified on Aug 2025 and a disclosure deadline was set for 90 days. The maintainer acknowledged but postponed indefinitely citing time concerns. No patch is currently available and the disclosure deadline has expired.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1287 - Improper Validation of Specified Type of Input
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Boost Serialization Affected: 1.0
Affected: 1.1
Affected: 1.2
Affected: 1.3
Affected: 1.4
Affected: 1.5
Affected: 1.6
Affected: 1.7
Affected: 1.8
Affected: 1.9
Affected: 1.10
Affected: 1.11
Affected: 1.12
Affected: 1.13
Affected: 1.14
Affected: 1.15
Affected: 1.16
Affected: 1.17
Affected: 1.18
Affected: 1.19
Affected: 1.20
Affected: 1.21
Affected: 1.22
Affected: 1.23
Affected: 1.24
Affected: 1.25
Affected: 1.26
Affected: 1.27
Affected: 1.28
Affected: 1.29
Affected: 1.30
Affected: 1.31
Affected: 1.32
Affected: 1.33
Affected: 1.34
Affected: 1.35
Affected: 1.36
Affected: 1.37
Affected: 1.38
Affected: 1.39
Affected: 1.40
Affected: 1.41
Affected: 1.42
Affected: 1.43
Affected: 1.44
Affected: 1.45
Affected: 1.46
Affected: 1.47
Affected: 1.48
Affected: 1.49
Affected: 1.50
Affected: 1.51
Affected: 1.52
Affected: 1.53
Affected: 1.54
Affected: 1.55
Affected: 1.56
Affected: 1.57
Affected: 1.58
Affected: 1.59
Affected: 1.60
Affected: 1.61
Affected: 1.62
Affected: 1.63
Affected: 1.64
Affected: 1.65
Affected: 1.66
Affected: 1.67
Affected: 1.68
Affected: 1.69
Affected: 1.70
Affected: 1.71
Affected: 1.72
Affected: 1.73
Affected: 1.74
Affected: 1.75
Affected: 1.76
Affected: 1.77
Affected: 1.78
Affected: 1.79
Affected: 1.80
Affected: 1.81
Affected: 1.82
Affected: 1.83
Affected: 1.84
Affected: 1.85
Affected: 1.86
Affected: 1.87
Affected: 1.88
Affected: 1.89
Affected: 1.90
Affected: 1.91
    cpe:2.3:a:boost:serialization:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
trebledj (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-11460",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-08T13:45:37.162774Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-08T13:45:44.206Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:boost:serialization:*:*:*:*:*:*:*:*"
          ],
          "product": "Serialization",
          "vendor": "Boost",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "1.2"
            },
            {
              "status": "affected",
              "version": "1.3"
            },
            {
              "status": "affected",
              "version": "1.4"
            },
            {
              "status": "affected",
              "version": "1.5"
            },
            {
              "status": "affected",
              "version": "1.6"
            },
            {
              "status": "affected",
              "version": "1.7"
            },
            {
              "status": "affected",
              "version": "1.8"
            },
            {
              "status": "affected",
              "version": "1.9"
            },
            {
              "status": "affected",
              "version": "1.10"
            },
            {
              "status": "affected",
              "version": "1.11"
            },
            {
              "status": "affected",
              "version": "1.12"
            },
            {
              "status": "affected",
              "version": "1.13"
            },
            {
              "status": "affected",
              "version": "1.14"
            },
            {
              "status": "affected",
              "version": "1.15"
            },
            {
              "status": "affected",
              "version": "1.16"
            },
            {
              "status": "affected",
              "version": "1.17"
            },
            {
              "status": "affected",
              "version": "1.18"
            },
            {
              "status": "affected",
              "version": "1.19"
            },
            {
              "status": "affected",
              "version": "1.20"
            },
            {
              "status": "affected",
              "version": "1.21"
            },
            {
              "status": "affected",
              "version": "1.22"
            },
            {
              "status": "affected",
              "version": "1.23"
            },
            {
              "status": "affected",
              "version": "1.24"
            },
            {
              "status": "affected",
              "version": "1.25"
            },
            {
              "status": "affected",
              "version": "1.26"
            },
            {
              "status": "affected",
              "version": "1.27"
            },
            {
              "status": "affected",
              "version": "1.28"
            },
            {
              "status": "affected",
              "version": "1.29"
            },
            {
              "status": "affected",
              "version": "1.30"
            },
            {
              "status": "affected",
              "version": "1.31"
            },
            {
              "status": "affected",
              "version": "1.32"
            },
            {
              "status": "affected",
              "version": "1.33"
            },
            {
              "status": "affected",
              "version": "1.34"
            },
            {
              "status": "affected",
              "version": "1.35"
            },
            {
              "status": "affected",
              "version": "1.36"
            },
            {
              "status": "affected",
              "version": "1.37"
            },
            {
              "status": "affected",
              "version": "1.38"
            },
            {
              "status": "affected",
              "version": "1.39"
            },
            {
              "status": "affected",
              "version": "1.40"
            },
            {
              "status": "affected",
              "version": "1.41"
            },
            {
              "status": "affected",
              "version": "1.42"
            },
            {
              "status": "affected",
              "version": "1.43"
            },
            {
              "status": "affected",
              "version": "1.44"
            },
            {
              "status": "affected",
              "version": "1.45"
            },
            {
              "status": "affected",
              "version": "1.46"
            },
            {
              "status": "affected",
              "version": "1.47"
            },
            {
              "status": "affected",
              "version": "1.48"
            },
            {
              "status": "affected",
              "version": "1.49"
            },
            {
              "status": "affected",
              "version": "1.50"
            },
            {
              "status": "affected",
              "version": "1.51"
            },
            {
              "status": "affected",
              "version": "1.52"
            },
            {
              "status": "affected",
              "version": "1.53"
            },
            {
              "status": "affected",
              "version": "1.54"
            },
            {
              "status": "affected",
              "version": "1.55"
            },
            {
              "status": "affected",
              "version": "1.56"
            },
            {
              "status": "affected",
              "version": "1.57"
            },
            {
              "status": "affected",
              "version": "1.58"
            },
            {
              "status": "affected",
              "version": "1.59"
            },
            {
              "status": "affected",
              "version": "1.60"
            },
            {
              "status": "affected",
              "version": "1.61"
            },
            {
              "status": "affected",
              "version": "1.62"
            },
            {
              "status": "affected",
              "version": "1.63"
            },
            {
              "status": "affected",
              "version": "1.64"
            },
            {
              "status": "affected",
              "version": "1.65"
            },
            {
              "status": "affected",
              "version": "1.66"
            },
            {
              "status": "affected",
              "version": "1.67"
            },
            {
              "status": "affected",
              "version": "1.68"
            },
            {
              "status": "affected",
              "version": "1.69"
            },
            {
              "status": "affected",
              "version": "1.70"
            },
            {
              "status": "affected",
              "version": "1.71"
            },
            {
              "status": "affected",
              "version": "1.72"
            },
            {
              "status": "affected",
              "version": "1.73"
            },
            {
              "status": "affected",
              "version": "1.74"
            },
            {
              "status": "affected",
              "version": "1.75"
            },
            {
              "status": "affected",
              "version": "1.76"
            },
            {
              "status": "affected",
              "version": "1.77"
            },
            {
              "status": "affected",
              "version": "1.78"
            },
            {
              "status": "affected",
              "version": "1.79"
            },
            {
              "status": "affected",
              "version": "1.80"
            },
            {
              "status": "affected",
              "version": "1.81"
            },
            {
              "status": "affected",
              "version": "1.82"
            },
            {
              "status": "affected",
              "version": "1.83"
            },
            {
              "status": "affected",
              "version": "1.84"
            },
            {
              "status": "affected",
              "version": "1.85"
            },
            {
              "status": "affected",
              "version": "1.86"
            },
            {
              "status": "affected",
              "version": "1.87"
            },
            {
              "status": "affected",
              "version": "1.88"
            },
            {
              "status": "affected",
              "version": "1.89"
            },
            {
              "status": "affected",
              "version": "1.90"
            },
            {
              "status": "affected",
              "version": "1.91"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "trebledj (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notified on Aug 2025 and a disclosure deadline was set for 90 days. The maintainer acknowledged but postponed indefinitely citing time concerns. No patch is currently available and the disclosure deadline has expired."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1287",
              "description": "Improper Validation of Specified Type of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-07T19:30:10.324Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-369080 | Boost Serialization improper validation of specified type of input",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/369080"
        },
        {
          "name": "VDB-369080 | CTI Indicators (IOB, IOC)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/369080/cti"
        },
        {
          "name": "CVE-2026-11460 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-11460"
        },
        {
          "name": "Submit #814455 | boostorg boost serialization 1.91 CWE-1287, CWE-843 (Type Confusion)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/814455"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/boostorg/serialization/issues/331"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/TrebledJ/b7c872f869b5ed7cbd936f71f16c7d75"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-07T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-06-07T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-06-07T09:30:50.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Boost Serialization improper validation of specified type of input"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-11460",
    "datePublished": "2026-06-07T19:30:10.324Z",
    "dateReserved": "2026-06-07T07:25:46.611Z",
    "dateUpdated": "2026-06-08T13:45:44.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10825 (GCVE-0-2026-10825)

Vulnerability from cvelistv5 – Published: 2026-06-16 08:51 – Updated: 2026-06-16 12:24
VLAI
Title
Improper JSON Input Validation in WebSocket API Leads to Denial of Service
Summary
A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
Impacted products
Vendor Product Version
Moxa NPort 6000-G2 Series Affected: 1.0 , ≤ 1.1.0 (custom)
Unaffected: 1.2.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10825",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T12:24:31.669564Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T12:24:40.418Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NPort 6000-G2 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "1.1.0",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:moxa:nport_6000-g2_series:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.1.0",
                  "versionStartIncluding": "1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:moxa:nport_6000-g2_series:1.2.0:*:*:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot.\u003c/p\u003e"
            }
          ],
          "value": "A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-28",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-28: Fuzzing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1287",
              "description": "CWE-1287: Improper Validation of Specified Type of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T08:51:57.193Z",
        "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "shortName": "Moxa"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-268270-cve-2026-10825-improper-validation-of-input-vulnerability-in-serial-device-servers"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Please refer to the security advisory:\u0026nbsp;https://www.moxa.com/en/support/product-support/security-advisory/mpsa-268270-cve-2026-10825-improper-validation-of-input-vulnerability-in-serial-device-servers\u0026nbsp;"
            }
          ],
          "value": "Please refer to the security advisory:\u00a0https://www.moxa.com/en/support/product-support/security-advisory/mpsa-268270-cve-2026-10825-improper-validation-of-input-vulnerability-in-serial-device-servers"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Improper JSON Input Validation in WebSocket API Leads to Denial of Service",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
    "assignerShortName": "Moxa",
    "cveId": "CVE-2026-10825",
    "datePublished": "2026-06-16T08:51:57.193Z",
    "dateReserved": "2026-06-04T08:28:37.449Z",
    "dateUpdated": "2026-06-16T12:24:40.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9753 (GCVE-0-2026-9753)

Vulnerability from cvelistv5 – Published: 2026-06-09 22:30 – Updated: 2026-06-10 18:54
VLAI
Title
Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.
Summary
The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1287 - Improper validation of specified type of input
Assigner
References
Impacted products
Vendor Product Version
MongoDB MongoDB Server Affected: 8.3.0 , < 8.3.3 (semver)
Affected: 8.2.0 , < 8.2.10 (semver)
Affected: 8.0.0 , < 8.0.24 (semver)
Affected: 7.0.0 , < 7.0.35 (semver)
Create a notification for this product.
Credits
daffainfo (Muhammad Daffa)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9753",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T18:52:57.027756Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T18:54:01.733Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB",
          "versions": [
            {
              "lessThan": "8.3.3",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.2.10",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.0.24",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.0.35",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "daffainfo (Muhammad Daffa)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command."
            }
          ],
          "value": "The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1287",
              "description": "CWE-1287 Improper validation of specified type of input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T22:35:54.145Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-124959"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2026-9753",
    "datePublished": "2026-06-09T22:30:57.171Z",
    "dateReserved": "2026-05-27T17:49:08.204Z",
    "dateUpdated": "2026-06-10T18:54:01.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9742 (GCVE-0-2026-9742)

Vulnerability from cvelistv5 – Published: 2026-06-09 21:57 – Updated: 2026-06-10 13:22
VLAI
Title
Authenticate command with specific mechanism parameter can trigger server crash
Summary
When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product configurations.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1287 - Improper validation of specified type of input
Assigner
References
Impacted products
Vendor Product Version
MongoDB MongoDB Server Affected: 8.3.0 , < 8.3.3 (custom)
Affected: 8.2.0 , < 8.2.10 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9742",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T13:21:56.386451Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T13:22:12.269Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB",
          "versions": [
            {
              "lessThan": "8.3.3",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.10",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When OIDC authentication is enabled in configuration, clients may set specific values in the \"mechanism\" parameter of the \"authenticate\" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product configurations."
            }
          ],
          "value": "When OIDC authentication is enabled in configuration, clients may set specific values in the \"mechanism\" parameter of the \"authenticate\" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product configurations."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1287",
              "description": "CWE-1287 Improper validation of specified type of input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T21:57:46.304Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-124183"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Authenticate command with specific mechanism parameter can trigger server crash",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2026-9742",
    "datePublished": "2026-06-09T21:57:46.304Z",
    "dateReserved": "2026-05-27T17:34:08.786Z",
    "dateUpdated": "2026-06-10T13:22:12.269Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

No CAPEC attack patterns related to this CWE.