CWE-346

Origin Validation Error

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product does not properly verify that the source of data or communication is valid.

556 vulnerabilities with CWE-346
CVE-2026-47825 HIGH
Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations
CVSS 8.6
CVE-2026-9595 MEDIUM
webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies
CVSS 5.3
CVE-2026-11624 CRITICAL
Google MCP Toolbox for Databases < 0.25.0 - Origin Validation Error
CVE-2026-45173 HIGH
Idira Identity Browser Extension: Unauthorized Application Interaction via Origin Validation Failure
CVE-2026-12032 LOW
Google Chrome < 149.0.7827.115 - Site Isolation Bypass via Crafted HTML Page
CVSS 3.1
CVE-2026-12024 MEDIUM
Google Chrome < 149.0.7827.115 - Same Origin Policy Bypass via DevTools
CVSS 6.5
CVE-2026-41700 HIGH
Cross-Site WebSocket Hijacking in Spring for GraphQL
CVSS 8.1
CVE-2026-42558 HIGH
Xibo Vulnerable to Stored XSS and Iframe Sandbox Escape via Data Connector Script in DataSet
CVSS 7.6
CVE-2026-10846 HIGH
NLnet Labs ldns - Insufficient Verification That Responses Belong to a Query
CVE-2026-44755 MEDIUM
SAP BusinessObjects BI Platform - Authenticated Email Spoofing
CVSS 4.3
CVE-2026-11693 HIGH
Google Chrome < 149.0.7827.103 - Site Isolation Bypass via Plugins
CVSS 8.1
CVE-2026-43972 MEDIUM
gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection
CVE-2026-37737 MEDIUM
sanic-cors <= 2.2.0 - CORS Origin Bypass via Improper Regular Expression
CVSS 6.5
CVE-2026-11309 MEDIUM
Google Chrome < 149.0.7827.53 - UI Spoofing via History Policy Enforcement
CVSS 4.3
CVE-2026-11298 MEDIUM
Chrome for iOS < 149.0.7827.53 - Same Origin Policy Bypass via Crafted HTML Page
CVSS 4.3
CVE-2026-11291 MEDIUM
Google Chrome < 149.0.7827.53 - Same Origin Policy Bypass via Android Autofill
CVSS 4.3
CVE-2026-11278 MEDIUM
Google Chrome < 149.0.7827.53 on Android - Cross-Origin Data Leak via CustomTabs
CVSS 6.5
CVE-2026-11243 MEDIUM
Google Chrome < 149.0.7827.53 - Navigation Restriction Bypass via Crafted HTML Page
CVSS 5.4
CVE-2026-11226 MEDIUM
Google Chrome < 149.0.7827.53 - Same Origin Policy Bypass via PreviewTab
CVSS 6.5
CVE-2026-11217 MEDIUM
Google Chrome < 149.0.7827.53 - Site Isolation Bypass via Fenced Frames
CVSS 6.5
CVE-2026-11214 MEDIUM
Chrome for iOS < 149.0.7827.53 - Cross-Origin Data Leak via Crafted HTML Page
CVSS 6.5
CVE-2026-11200 MEDIUM
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via WebRTC
CVSS 6.5
CVE-2026-11195 MEDIUM
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via MHTML
CVSS 6.5
CVE-2026-11194 MEDIUM
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via Network Implementation
CVSS 6.5
CVE-2026-11181 MEDIUM
Google Chrome < 149.0.7827.53 - Same Origin Policy Bypass via Media Session
CVSS 6.3