CWE-646: Reliance on File Name or Extension of Externally-Supplied File
The product allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attackers to cause the file to be misclassified and processed in a dangerous fashion.
Abstraction: Variant
Common Consequences
Confidentiality → Read Application Data
Availability → DoS: Crash, Exit, or Restart
Access Control → Gain Privileges or Assume Identity
Real-World Examples (7)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2024-52052 | 7.2 | 3.5% | — |
| CVE-2021-34639 | 7.5 | 0.3% | — |
| CVE-2023-45599 | 5.5 | 0.2% | — |
| CVE-2024-38432 | 5.5 | 0.1% | — |
| CVE-2025-1889 | 9.8 | 0.1% | — |
| CVE-2025-41720 | 4.3 | 0.0% | — |
| CVE-2025-30662 | 6.6 | 0.0% | — |
0 / 100 · low-risk
Active Threat: 0/50 · Minimal
Exploit Availability: 0/50 · Minimal