Search

Blog Stats Labs CLI MCP API Limits About Privacy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Blog Statistics Labs CLI Tool MCP Server API Documentation Rate Limits About Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-441

CWE-441

Unintended Proxy or Intermediary ('Confused Deputy')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

69 vulnerabilities with CWE-441

CVE-2026-30225 MEDIUM

OliveTin <3000.11.1 - Privilege Escalation

CVE-2026-0021 HIGH

AppInfoBase.java - Privilege Escalation

CVE-2026-0013 HIGH

DocumentsUI - Privilege Escalation

CVE-2026-0008 HIGH

Android - Privilege Escalation

CVE-2025-48646 HIGH

ActivityStarter.java - Privilege Escalation

CVE-2025-48579 HIGH

MediaProvider.java - Privilege Escalation

CVE-2026-27624 HIGH

Coturn - Auth Bypass

CVE-2023-31313 HIGH

continuity - SSRF

CVE-2026-24470 HIGH

Skipper <0.24.0 - Privilege Escalation

Nuvation Energy nCloud VPN Service - Info Disclosure

CVE-2025-64123 CRITICAL

Nuvation Energy MSC <2.5.1 - SSRF

CVE-2025-68944 MEDIUM

Gitea <1.22.2 - Info Disclosure

Conduit <0.10.10 - SSRF

CVE-2025-11393 HIGH

Runtimes-Inventory-Rhel8-Operator - Privilege Escalation

CVE-2025-36889 MEDIUM

Google Android - Information Disclosure

CVE-2025-48628 HIGH

PrintManagerService - Privilege Escalation

CVE-2025-48598 MEDIUM

Face Unlock Settings - Privilege Escalation

CVE-2025-48586 HIGH

EditFdnContactScreen - Info Disclosure

CVE-2025-48555 HIGH

NotificationStation - Info Disclosure

CVE-2025-48536 HIGH

SettingsSliceProvider - Privilege Escalation

CVE-2025-22420 HIGH

Multiple Locations - Info Disclosure

CVE-2025-66415 MEDIUM

Fastify-reply-from <12.5.0 - SSRF

CVE-2025-61780 MEDIUM

Rack < 2.2.20 - Information Disclosure

CVE-2025-32320 HIGH

System UI - Privilege Escalation

Page 1 of 3 Next

Details

Vulnerabilities 69

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy