CWE-436: Interpretation Conflict
low-risk
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.
Abstraction: Class
Common Consequences
Integrity → Unexpected State
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2021-28474 | 8.8 | 18.0% | — |
| CVE-2025-25291 | 9.8 | 13.8% | — |
| CVE-2023-24813 | 10.0 | 9.3% | — |
| CVE-2025-25292 | 9.8 | 4.1% | — |
| CVE-2019-5892 | 6.5 | 3.6% | — |
| CVE-2019-17596 | 7.5 | 2.3% | — |
| CVE-2023-29197 | 5.3 | 2.3% | — |
| CVE-2024-42487 | 4.0 | 1.8% | — |
| CVE-2022-38115 | 5.3 | 1.5% | — |
| CVE-2021-45327 | 9.8 | 0.9% | — |
1/100 · low-risk
Active Threat
1/50 · Minimal
Exploit Availability
0/50 · Minimal