Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-807

CWE-807

High likelihood

Reliance on Untrusted Inputs in a Security Decision

Parent: CWE-693 - Protection Mechanism Failure

The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

72 vulnerabilities with CWE-807

CVE-2026-39807 MEDIUM

Client-supplied URI scheme trusted without transport verification in bandit

CVE-2026-41403 LOW

OpenClaw < 2026.3.31 - Access Control Bypass via Proxied Remote Request Misclassification

CVE-2026-41390 HIGH

OpenClaw < 2026.3.28 - Exec Allowlist Bypass via Unregistered /usr/bin/script Wrapper

CVE-2026-41380 HIGH

OpenClaw < 2026.3.28 - Arbitrary Execution Allowlist via Wrapper Carrier Executables

CVE-2026-1789 MEDIUM

Canon imagePRESS Series - Info Disclosure

CVE-2026-41299 HIGH

OpenClaw < 2026.3.28 - Client Identity Spoofing in chat.send Gateway Provenance Guard

CVE-2026-0390 MEDIUM

UEFI Secure Boot Security Feature Bypass Vulnerability

CVE-2026-35670 MEDIUM

OpenClaw < 2026.3.22 - Webhook Reply Rebinding via Username Resolution in Synology Chat

CVE-2026-35655 MEDIUM

OpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution

CVE-2026-35624 MEDIUM

OpenClaw < 2026.3.22 - Policy Confusion via Room Name Collision in Nextcloud Talk

CVE-2026-35617 MEDIUM

OpenClaw < 2026.3.25 - Authorization Bypass via Group Policy Rebinding with Mutable Space displayName

CVE-2026-29134 HIGH

GINA Domain Switch

CVE-2026-32975 CRITICAL

OpenClaw < 2026.3.12 - Weak Authorization via Mutable Group Names in Zalouser Allowlist

CVE-2026-32898 MEDIUM

OpenClaw < 2026.2.23 - ACP Permission Auto-Approval Bypass via Untrusted Tool Metadata

CVE-2026-32057 HIGH

OpenClaw < 2026.2.25 - Authentication Bypass via Control UI client.id Parameter

CVE-2026-29794 MEDIUM

Vikunja has Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers

CVE-2026-33068 HIGH

Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File

CVE-2026-27707 HIGH

Seerr 2.0.0-3.1.0 - Auth Bypass

CVE-2026-21514 HIGH KEV

Microsoft Office Word - Info Disclosure

CVE-2026-25958 HIGH

Cubejs-backend Server-core < 1.0.14 - Privilege Escalation

CVE-2026-25931 HIGH

vscode-spell-checker <4.5.4 - Info Disclosure

CVE-2026-21509 HIGH KEV

Microsoft Office - Info Disclosure

CVE-2026-23848 MEDIUM

MyTube <1.7.71 - DoS

CVE-2026-20849 HIGH

Windows Kerberos - Privilege Escalation

CVE-2025-13926 CRITICAL

Contemporary Controls BASC 20T Reliance on Untrusted Inputs in a Security Decision

Page 1 of 3 Next

Details

Vulnerabilities 72

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy