CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-9H2J-PMWX-XHHX
Vulnerability from github – Published: 2026-07-03 21:31 – Updated: 2026-07-03 21:31Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
{
"affected": [],
"aliases": [
"CVE-2026-58283"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-03T21:17:02Z",
"severity": "HIGH"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.",
"id": "GHSA-9h2j-pmwx-xhhx",
"modified": "2026-07-03T21:31:39Z",
"published": "2026-07-03T21:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58283"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58283"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9H6F-X44P-575V
Vulnerability from github – Published: 2025-09-17 21:30 – Updated: 2025-09-17 21:30Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26233.
{
"affected": [],
"aliases": [
"CVE-2025-8002"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-17T21:15:42Z",
"severity": "HIGH"
},
"details": "Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26233.",
"id": "GHSA-9h6f-x44p-575v",
"modified": "2025-09-17T21:30:44Z",
"published": "2025-09-17T21:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8002"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-724"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9HCW-VM7C-26Q5
Vulnerability from github – Published: 2024-01-11 00:30 – Updated: 2024-01-17 21:30A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.
{
"affected": [],
"aliases": [
"CVE-2023-41075"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-10T22:15:49Z",
"severity": "HIGH"
},
"details": "A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.",
"id": "GHSA-9hcw-vm7c-26q5",
"modified": "2024-01-17T21:30:20Z",
"published": "2024-01-11T00:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41075"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213670"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213673"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213675"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213676"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213677"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9J2P-P9PF-3G9V
Vulnerability from github – Published: 2026-05-06 21:31 – Updated: 2026-05-07 01:05Type Confusion in Accessibility in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-7914"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T19:16:39Z",
"severity": "HIGH"
},
"details": "Type Confusion in Accessibility in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-9j2p-p9pf-3g9v",
"modified": "2026-05-07T01:05:50Z",
"published": "2026-05-06T21:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7914"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/498401609"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9JCR-498R-JXXC
Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-03-16 15:30in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios.
{
"affected": [],
"aliases": [
"CVE-2025-25277"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-16T14:17:57Z",
"severity": "MODERATE"
},
"details": "in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios.",
"id": "GHSA-9jcr-498r-jxxc",
"modified": "2026-03-16T15:30:41Z",
"published": "2026-03-16T15:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25277"
},
{
"type": "WEB",
"url": "https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2025/2025-11.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9M3F-27XQ-X4J5
Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2025-10-22 00:31Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
{
"affected": [],
"aliases": [
"CVE-2019-17026"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-02T05:15:00Z",
"severity": "MODERATE"
},
"details": "Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR \u003c 68.4.1, Thunderbird \u003c 68.4.1, and Firefox \u003c 72.0.1.",
"id": "GHSA-9m3f-27xq-x4j5",
"modified": "2025-10-22T00:31:50Z",
"published": "2022-05-24T17:09:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17026"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1607443"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-02"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4335-1"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-17026"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-03"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-04"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9M65-766C-R333
Vulnerability from github – Published: 2026-05-14 16:37 – Updated: 2026-05-14 16:37Summary
A type-confusion bug in seroval ≤ 1.5.2 (upstream advisory) allowed a crafted JSON body sent to one TanStack Start server function to trigger invocation of a different client-referenced server function as a side effect of deserializing the request payload.
This is not an authentication bypass and not remote code execution. The mechanism only invokes server functions that the same client could already reach directly via /_serverFn/, and the target function's full middleware chain — including any user-supplied authentication, authorization, and inputValidator — runs as it would on a direct call.
Impact
To be exploitable in any meaningful sense, an application would need to expose a client-referenced server function that:
- [ ] Performs a privileged side effect, and
- [ ] Has no authentication/authorization middleware, and
- [ ] Has no input validation
A function meeting all three is already directly callable by any unauthenticated client at its own endpoint, so the practical impact on correctly-written applications is nil. The residual concerns are:
A request to function A could cause function B to also execute, which may surprise observability/audit logging that keys off the request URL.
Request-level middleware (as opposed to per-function middleware) does not re-run for the inner invocation. Server-only functions (isClientReferenced: false) cannot be reached through this mechanism.
Patches
Upgrade to @tanstack/start-server-core ≥ 1.167.30 (or the equivalent dated release of @tanstack/react-start / @tanstack/solid-start). The fix bumps seroval to ≥ 1.5.3 and adds defense-in-depth to the serialization adapter plugin shape so adapter payloads cannot be confused with internal seroval node types.
Workarounds
If you cannot upgrade immediately, ensure every createServerFn(...) exposed to the client has both an .inputValidator(...) and authentication/authorization middleware via .middleware([...]). This is recommended regardless of this advisory.
Credits
- Mufeed VH of Winfunc Research
- Upstream fix coordinated with Seroval maintainers https://github.com/lxsmnsyc/seroval
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@tanstack/start-server-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.167.30"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-502",
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-14T16:37:10Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nA type-confusion bug in seroval \u2264 1.5.2 ([upstream advisory](https://github.com/lxsmnsyc/seroval/security/advisories)) allowed a crafted JSON body sent to one TanStack Start server function to trigger invocation of a different client-referenced server function as a side effect of deserializing the request payload.\n\nThis is not an authentication bypass and not remote code execution. The mechanism only invokes server functions that the same client could already reach directly via /_serverFn/\u003cid\u003e, and the target function\u0027s full middleware chain \u2014 including any user-supplied authentication, authorization, and inputValidator \u2014 runs as it would on a direct call.\n\n### Impact\nTo be exploitable in any meaningful sense, an application would need to expose a client-referenced server function that:\n\n- [ ] Performs a privileged side effect, and\n- [ ] Has no authentication/authorization middleware, and\n- [ ] Has no input validation\n\nA function meeting all three is already directly callable by any unauthenticated client at its own endpoint, so the practical impact on correctly-written applications is nil. The residual concerns are:\n\nA request to function A could cause function B to also execute, which may surprise observability/audit logging that keys off the request URL.\n\nRequest-level middleware (as opposed to per-function middleware) does not re-run for the inner invocation.\nServer-only functions (isClientReferenced: false) cannot be reached through this mechanism.\n\n### Patches\nUpgrade to @tanstack/start-server-core \u2265 1.167.30 (or the equivalent dated release of @tanstack/react-start / @tanstack/solid-start). The fix bumps seroval to \u2265 1.5.3 and adds defense-in-depth to the serialization adapter plugin shape so adapter payloads cannot be confused with internal seroval node types.\n\n### Workarounds\nIf you cannot upgrade immediately, ensure every createServerFn(...) exposed to the client has both an .inputValidator(...) and authentication/authorization middleware via .middleware([...]). This is recommended regardless of this advisory.\n\n### Credits\n- [Mufeed VH](https://x.com/mufeedvh) of [Winfunc Research](https://winfunc.com/)\n- Upstream fix coordinated with Seroval maintainers https://github.com/lxsmnsyc/seroval",
"id": "GHSA-9m65-766c-r333",
"modified": "2026-05-14T16:37:10Z",
"published": "2026-05-14T16:37:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/TanStack/router/security/advisories/GHSA-9m65-766c-r333"
},
{
"type": "PACKAGE",
"url": "https://github.com/TanStack/router"
},
{
"type": "WEB",
"url": "https://github.com/lxsmnsyc/seroval/security/advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "TanStack Start - Server Core: Inbound server-function request deserialization could invoke a sibling client-referenced server function"
}
GHSA-9QMF-JVQ9-5549
Vulnerability from github – Published: 2022-02-13 00:00 – Updated: 2022-03-17 00:05Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2022-0102"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-12T00:15:00Z",
"severity": "HIGH"
},
"details": "Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-9qmf-jvq9-5549",
"modified": "2022-03-17T00:05:42Z",
"published": "2022-02-13T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0102"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1260129"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9QXX-6CG8-VRC4
Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2022-05-24 16:54Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2019-7969"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-26T18:15:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-9qxx-6cg8-vrc4",
"modified": "2022-05-24T16:54:49Z",
"published": "2022-05-24T16:54:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7969"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9R2G-Q765-CQVP
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12654.
{
"affected": [],
"aliases": [
"CVE-2021-31480"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-15T19:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12654.",
"id": "GHSA-9r2g-q765-cqvp",
"modified": "2022-05-24T19:05:23Z",
"published": "2022-05-24T19:05:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31480"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-620"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.