CWE-1286: Improper Validation of Syntactic Correctness of Input
low-riskThe product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
Abstraction: Base
Common Consequences
Other
→
Varies by Context
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2024-7954 | 9.8 | 93.7% | — |
| CVE-2021-28812 | 8.8 | 2.4% | — |
| CVE-2024-51983 | 7.5 | 1.1% | — |
| CVE-2024-6763 | 3.7 | 1.0% | — |
| CVE-2025-54995 | 6.5 | 1.0% | — |
| CVE-2023-43850 | 6.5 | 0.8% | — |
| CVE-2024-3384 | 7.5 | 0.7% | — |
| CVE-2024-51982 | 7.5 | 0.6% | — |
| CVE-2022-22192 | 7.5 | 0.6% | — |
| CVE-2025-20644 | 6.5 | 0.6% | — |
1
/ 100
low-risk
Active Threat
1/50 · Minimal
Exploit Availability
0/50 · Minimal