CWE-1287
AllowedImproper Validation of Specified Type of Input
Abstraction: Base · Status: Incomplete
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
259 vulnerabilities reference this CWE, most recent first.
GHSA-5JCX-7JCF-9FW2
Vulnerability from github – Published: 2025-05-07 18:30 – Updated: 2025-05-07 18:30A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system.
This vulnerability is due to insufficient input validation of the bootstrap file that is read by the system software when a device is first deployed in SD-WAN mode or when an administrator configures SD-Routing on the device. An attacker could exploit this vulnerability by modifying a bootstrap file generated by Cisco Catalyst SD-WAN Manager, loading it into the device flash, and then either reloading the device in a green field deployment in SD-WAN mode or configuring the device with SD-Routing. A successful exploit could allow the attacker to perform arbitrary file writes to the underlying operating system.
{
"affected": [],
"aliases": [
"CVE-2025-20155"
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-07T18:15:37Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system.\n\n This vulnerability is due to insufficient input validation of the bootstrap file that is read by the system software when a device is first deployed in SD-WAN mode or when an administrator configures SD-Routing on the device. An attacker could exploit this vulnerability by modifying a bootstrap file generated by Cisco Catalyst SD-WAN Manager, loading it into the device flash, and then either reloading the device in a green field deployment in SD-WAN mode or configuring the device with SD-Routing. A successful exploit could allow the attacker to perform arbitrary file writes to the underlying operating system.",
"id": "GHSA-5jcx-7jcf-9fw2",
"modified": "2025-05-07T18:30:48Z",
"published": "2025-05-07T18:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20155"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bootstrap-KfgxYgdh"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5M7J-6GC4-FF5G
Vulnerability from github – Published: 2025-01-15 18:30 – Updated: 2025-01-17 15:15Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.2.0"
},
{
"fixed": "10.2.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.1.3"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0"
},
{
"fixed": "10.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.0.3"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.11.5"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "9.11.0"
},
{
"fixed": "9.11.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.0-20241127161322-25ff7a3779a5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-20086"
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-15T20:06:58Z",
"nvd_published_at": "2025-01-15T17:15:19Z",
"severity": "MODERATE"
},
"details": "Mattermost versions 10.2.x \u003c= 10.2.0, 9.11.x \u003c= 9.11.5, 10.0.x \u003c= 10.0.3, 10.1.x \u003c= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.",
"id": "GHSA-5m7j-6gc4-ff5g",
"modified": "2025-01-17T15:15:45Z",
"published": "2025-01-15T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20086"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3392"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Mattermost fails to properly validate post props"
}
GHSA-5P3R-7JHW-3CM2
Vulnerability from github – Published: 2025-03-24 15:30 – Updated: 2025-03-24 15:30Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF.
{
"affected": [],
"aliases": [
"CVE-2025-1558"
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-24T15:15:16Z",
"severity": "MODERATE"
},
"details": "Mattermost Mobile Apps versions \u003c=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF.",
"id": "GHSA-5p3r-7jhw-3cm2",
"modified": "2025-03-24T15:30:49Z",
"published": "2025-03-24T15:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1558"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5WF5-MWM8-68X4
Vulnerability from github – Published: 2026-01-23 00:31 – Updated: 2026-01-23 00:31Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2026-24307"
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-22T23:15:59Z",
"severity": "CRITICAL"
},
"details": "Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-5wf5-mwm8-68x4",
"modified": "2026-01-23T00:31:18Z",
"published": "2026-01-23T00:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24307"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24307"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6238-89RC-FWRC
Vulnerability from github – Published: 2025-12-10 15:31 – Updated: 2025-12-10 15:31An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.
{
"affected": [],
"aliases": [
"CVE-2024-2105"
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-10T13:16:02Z",
"severity": "MODERATE"
},
"details": "An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.",
"id": "GHSA-6238-89rc-fwrc",
"modified": "2025-12-10T15:31:24Z",
"published": "2025-12-10T15:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2105"
},
{
"type": "WEB",
"url": "https://certvde.com/en/advisories/VDE-2025-089"
},
{
"type": "WEB",
"url": "https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0002.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-625M-28MG-RQ98
Vulnerability from github – Published: 2023-12-15 18:30 – Updated: 2023-12-15 18:30An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards.
{
"affected": [],
"aliases": [
"CVE-2023-3904"
],
"database_specific": {
"cwe_ids": [
"CWE-1287",
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-15T16:15:43Z",
"severity": "MODERATE"
},
"details": "An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards.",
"id": "GHSA-625m-28mg-rq98",
"modified": "2023-12-15T18:30:28Z",
"published": "2023-12-15T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3904"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2053154"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418226"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-62CP-QVQ6-CFW4
Vulnerability from github – Published: 2025-08-14 18:31 – Updated: 2025-08-14 18:31A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to create or delete arbitrary files on the underlying operating system. If critical system files are manipulated, new Remote Access SSL VPN sessions could be denied and existing sessions could be dropped, causing a denial of service (DoS) condition. An exploited device requires a manual reboot to recover.
This vulnerability is due to insufficient input validation when processing HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to create or delete files on the underlying operating system, which could cause the Remote Access SSL VPN service to become unresponsive. To exploit this vulnerability, the attacker must be authenticated as a VPN user of the affected device.
{
"affected": [],
"aliases": [
"CVE-2025-20251"
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-14T17:15:38Z",
"severity": "HIGH"
},
"details": "A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to create or delete arbitrary files on the underlying operating system. If critical system files are manipulated, new Remote Access SSL VPN sessions could be denied and existing sessions could be dropped, causing a denial of service (DoS) condition. An exploited device requires a manual reboot to recover.\n\nThis vulnerability is due to insufficient input validation when processing HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to create or delete files on the underlying operating system, which could cause the Remote Access SSL VPN service to become unresponsive.\nTo exploit this vulnerability, the attacker must be authenticated as a VPN user of the affected device.",
"id": "GHSA-62cp-qvq6-cfw4",
"modified": "2025-08-14T18:31:29Z",
"published": "2025-08-14T18:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20251"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-http-file-hUyX2jL4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-69PR-78GV-7C6H
Vulnerability from github – Published: 2024-12-16 09:31 – Updated: 2024-12-16 19:29Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side (webapp and mobile) DoS to users of particular channels, by sending a specially crafted post.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0"
},
{
"fixed": "10.1.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "9.11.0"
},
{
"fixed": "9.11.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "9.5.0"
},
{
"fixed": "9.5.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-54083"
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-16T19:23:55Z",
"nvd_published_at": "2024-12-16T08:15:05Z",
"severity": "MODERATE"
},
"details": "Mattermost versions 10.1.x \u003c= 10.1.2, 10.0.x \u003c= 10.0.2, 9.11.x \u003c= 9.11.4, 9.5.x \u003c= 9.5.12 fail to properly validate the type of\u00a0callProps\u00a0which allows a user to cause a client side (webapp and mobile) DoS to users of particular channels, by sending a specially crafted post.",
"id": "GHSA-69pr-78gv-7c6h",
"modified": "2024-12-16T19:29:16Z",
"published": "2024-12-16T09:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54083"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Mattermost Improper Validation of Specified Type of Input vulnerability"
}
GHSA-69W6-8JQV-GJ6V
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-59278"
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T17:16:10Z",
"severity": "HIGH"
},
"details": "Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-69w6-8jqv-gj6v",
"modified": "2025-10-14T18:30:36Z",
"published": "2025-10-14T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59278"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59278"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6J2Q-QR5R-M5GG
Vulnerability from github – Published: 2024-11-05 18:32 – Updated: 2024-11-05 18:32The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication.
{
"affected": [],
"aliases": [
"CVE-2023-29126"
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-05T16:15:16Z",
"severity": "MODERATE"
},
"details": "The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication.",
"id": "GHSA-6j2q-qr5r-m5gg",
"modified": "2024-11-05T18:32:11Z",
"published": "2024-11-05T18:32:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29126"
},
{
"type": "WEB",
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
No CAPEC attack patterns related to this CWE.