CWE-436

Interpretation Conflict

Parent: CWE-435 - Improper Interaction Between Multiple Correctly-Behaving Entities

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

95 vulnerabilities with CWE-436
CVE-2026-41248 CRITICAL
Official Clerk JavaScript SDKs: Middleware-based route protection bypass
CVSS 9.1
CVE-2026-33804 HIGH
@fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option
CVSS 7.4
CVE-2026-6270 CRITICAL
@fastify/middie vulnerable to middleware authentication bypass in child plugin scopes
CVSS 9.1
CVE-2026-33808 CRITICAL
@fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons)
CVE-2026-33807 CRITICAL
@fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes
CVSS 9.1
CVE-2026-35200 MEDIUM
Parse Server has a file upload Content-Type override via extension mismatch
CVSS 5.4
CVE-2026-32762 MEDIUM
Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing
CVSS 4.8
CVE-2026-26961 LOW
Rack: Multipart Boundary Parsing Ambiguity allowing WAF Bypass
CVSS 3.7
CVE-2026-32065 MEDIUM
OpenClaw < 2026.2.25 - Approval Identity Mismatch in system.run Command Execution
CVSS 4.8
CVE-2026-32052 MEDIUM
OpenClaw < 2026.2.24 - Hidden Command Execution via Shell-Wrapper Positional argv Carriers
CVSS 6.4
CVE-2026-32766 MEDIUM
astral-tokio-tar insufficiently validates PAX extensions during extraction
CVSS 5.3
CVE-2026-27444 HIGH
SEPPmail Secure Email Gateway <15.0.1 - Auth Bypass
CVSS 7.5
CVE-2026-27896 HIGH
Go MCP SDK <1.3.1 - Auth Bypass
CVSS 7.5
CVE-2026-0958 HIGH
GitLab < 18.6.6 - Interpretation Conflict
CVSS 7.5
CVE-2026-23686 LOW
SAP NetWeaver Application Server Java - CRLF Injection
CVSS 3.4
CVE-2026-25223 HIGH
Fastify < 5.7.2 - Interpretation Conflict
CVSS 7.5
CVE-2025-66490 MEDIUM
Traefik <3.6.2 - Path Traversal
CVSS 6.5
CVE-2025-12816 HIGH
node-forge <1.3.1 - SSRF
CVSS 8.6
CVE-2025-54368 MEDIUM
PyPI uv < 0.8.6 - Interpretation Conflict
CVE-2025-48384 HIGH KEV
Git - Info Disclosure
CVSS 8.0
CVE-2025-1217 LOW
PHP <8.1.32, <8.2.28, <8.3.19, <8.4.5 - Info Disclosure
CVSS 3.1
CVE-2025-25292 CRITICAL
ruby-saml <1.12.4,1.18.0 - Auth Bypass
CVSS 9.8
CVE-2025-25291 CRITICAL
ruby-saml <1.12.4,1.18.0 - Auth Bypass
CVSS 9.8
CVE-2025-24013 MEDIUM
CodeIgniter < 4.5.8 - Interpretation Conflict
CVSS 5.3
CVE-2024-55629 HIGH
OISF Suricata < 7.0.8 - Interpretation Conflict
CVSS 7.5