Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-436

CWE-436

Interpretation Conflict

Parent: CWE-435 - Improper Interaction Between Multiple Correctly-Behaving Entities

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

109 vulnerabilities with CWE-436

CVE-2026-42462 HIGH

Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring

CVE-2026-47344 LOW

TYPO3 HTML Sanitizer allows Cross-Site Scripting

CVE-2026-40930 MEDIUM

LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body

CVE-2026-47076 MEDIUM

SSRF allowlist bypass via percent-encoded host in hackney

CVE-2026-40165 HIGH

authentik: SAML NameID XML Comment Injection Enables Authentication Bypass via Identifier Truncation

CVE-2026-42551 HIGH

Flight: HTTP method override enabled by default enables CSRF escalation and middleware bypass in flightphp/core

CVE-2026-44576 MEDIUM

Next.js: Cache poisoning in React Server Component responses

CVE-2026-42177 MEDIUM

linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted

CVE-2026-42274 HIGH

Heimdall: Authorization bypass via path normalization mismatch

CVE-2026-42273 HIGH

Heimdall: Case-sensitive host matching may lead to policy bypass

CVE-2026-42272 HIGH

Heimdall: Case-sensitive handling of URL-encoded slashes may lead to inconsistent path interpretation

CVE-2026-8034 CRITICAL

Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion

CVE-2026-30246 MEDIUM

github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters

CVE-2026-6322 HIGH

fast-uri vulnerable to host confusion via percent-encoded authority delimiters

CVE-2026-41248 CRITICAL

Official Clerk JavaScript SDKs: Middleware-based route protection bypass

CVE-2026-33804 HIGH

@fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option

CVE-2026-6270 CRITICAL

@fastify/middie vulnerable to middleware authentication bypass in child plugin scopes

CVE-2026-33808 CRITICAL

@fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons)

CVE-2026-33807 CRITICAL

@fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes

CVE-2026-35200 MEDIUM

Parse Server File Uploads - Content-Type Override

CVE-2026-32762 MEDIUM

Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing

CVE-2026-26961 LOW

Rack: Multipart Boundary Parsing Ambiguity allowing WAF Bypass

CVE-2026-32065 MEDIUM

OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution

CVE-2026-32052 MEDIUM

OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers

CVE-2026-32766 MEDIUM

astral-tokio-tar insufficiently validates PAX extensions during extraction

Page 1 of 5 Next

Details

Vulnerabilities 109

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy