CWE-357 (Insufficient UI Warning of Dangerous Operations) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-47782 | 2026-05-20 | Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web pa… |
| CVE-2026-26151 | 2026-04-14 | Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-47967 | 2025-09-16 | Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-33054 | 2025-07-08 | Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-49587 | 2025-06-13 | XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and sav… |
| CVE-2025-49585 | 2025-06-13 | XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an attacker without script or programming right creates an XClass defin… |
| CVE-2025-49583 | 2025-06-13 | XWiki is a generic wiki platform. When a user without script right creates a document with an `XWiki.Notifications.Code.NotificationEmailRendererClass` object, and later an admin edits and saves that … |
| CVE-2025-49582 | 2025-06-13 | XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of … |
| CVE-2024-49054 | 2024-11-22 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-43580 | 2024-10-17 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-43505 | 2024-10-08 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2024-30058 | 2024-06-13 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-29057 | 2024-03-22 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-26188 | 2024-02-23 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-21336 | 2024-01-26 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-21387 | 2024-01-26 | Microsoft Edge for Android Spoofing Vulnerability |
| CVE-2022-41904 | 2022-11-11 | Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated … |
| CVE-2021-22645 | 2021-02-23 | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to … |
| CVE-2019-13521 | 2020-01-27 | A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information relate… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Relationships, Taxonomy_Mappings |
| 2009-05-27 | CWE Content Team | 1.4 | — | updated Description |
| 2010-04-05 | CWE Content Team | 1.8.1 | — | updated Related_Attack_Patterns |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Relationships |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Weakness_Ordinalities |