CWE-1286 (Improper Validation of Syntactic Correctness of Input) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Often | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-50131 | 2026-06-10 | Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validatio… |
| CVE-2025-8873 | 2026-06-04 | On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, an… |
| CVE-2019-25720 | 2026-06-03 | Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the… |
| CVE-2021-4479 | 2026-06-02 | Dräger Atlan A350 versions 1.00 up to and including 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibu… |
| CVE-2019-25723 | 2026-06-02 | Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted no… |
| CVE-2026-24092 | 2026-06-01 | Memory Corruption when processing fastboot commands to set display mode. |
| CVE-2026-24091 | 2026-06-01 | Memory corruption while processing fastboot commands with improperly formatted input. |
| CVE-2026-24089 | 2026-06-01 | Memory corruption while processing fastboot commands with invalid input. |
| CVE-2026-24087 | 2026-06-01 | Memory corruption while processing fastboot OEM commands. |
| CVE-2026-10099 | 2026-05-29 | XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocket_receive_worker routine of simple_http_server.py that allows attackers to cause corrupted application data by sending un… |
| CVE-2026-7307 | 2026-05-19 | A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high C… |
| CVE-2026-0983 | 2026-05-18 | Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash |
| CVE-2026-6442 | 2026-04-16 | Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding speci… |
| CVE-2026-40198 | 2026-04-10 | Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6() does not check that uncompressed IPv6 addresses (without ::) have exactly… |
| CVE-2026-33778 | 2026-04-09 | An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, ne… |
| CVE-2026-34835 | 2026-04-02 | Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that acce… |
| CVE-2026-20114 | 2026-03-25 | A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that woul… |
| CVE-2025-13995 | 2026-03-19 | IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account. |
| CVE-2026-3632 | 2026-03-17 | A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be … |
| CVE-2025-59785 | 2026-03-04 | Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Related_Attack_Patterns |
| 2022-04-28 | CWE Content Team | 4.7 | — | updated Related_Attack_Patterns |
| 2022-10-13 | CWE Content Team | 4.9 | — | updated Observed_Examples |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Weakness_Ordinalities |