CWE-436 122 個 CVE MITRE 定義 ↗

CWE-436:Interpretation Conflict

概覽

CWE-436(Interpretation Conflict)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Not Technology-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-63030 2026-07-17 WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint route confusion issue which, combined with the author__not_in WP_Query SQL Injection (CVE-2026-60137), coul…
CVE-2026-44974 2026-07-17 @hapi/content provided HTTP Content-* headers parsing. Prior to 6.0.2, Content.disposition() retained the last occurrence of each duplicate parameter while Content.type() retained the first occurrence…
CVE-2026-47767 2026-07-14 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.46 until 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the CVE-2024-50340 fix gated runtime argv parsin…
CVE-2026-45066 2026-07-14 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowl…
CVE-2026-56329 2026-07-10 Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can regist…
CVE-2026-56669 2026-07-08 Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to 1.4.29, Elysia uses getAll in form data normalization for mult…
CVE-2026-59882 2026-07-08 guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost() does not reject URI host components containing authority delimiters, embedded ports, or m…
CVE-2026-14198 2026-07-01 @fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before matching middleware paths, while Fastify's underlying router preserves the encoding during…
CVE-2026-13676 2026-06-29 fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL construc…
CVE-2026-53538 2026-06-22 Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG…
CVE-2026-53537 2026-06-22 Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parse_options_header parsed Content-Disposition (and Content-Type) headers with email.message.Message, which transparently…
CVE-2026-53655 2026-06-22 node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (node-tar) applies a PAX extended header's size= record (and other PAX overrides) to the next header entry of any type, including inte…
CVE-2026-48788 2026-06-17 Remark42 is a self-hosted comment engine for blogs, articles, or any other place where readers can add comments. Versions 1.6.0 through 1.15.0 contain a Cross-Site Scripting (XSS) vulnerability exploi…
CVE-2026-42462 2026-06-10 Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to …
CVE-2026-47344 2026-06-08 When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content …
CVE-2026-40930 2026-06-04 LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG par…
CVE-2026-47076 2026-05-25 Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackney_url:normalize/2 URL-decodes the host component after the URL has been parsed into a #hackney_url{} …
CVE-2026-40165 2026-05-20 authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to Authentication Bypass through SAML NameID XML Comment Injecti…
CVE-2026-42551 2026-05-13 Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod() unconditionally honors the X-HTTP-Method-Override header and the $_REQUEST['_method'] parameter on any HTTP verb …
CVE-2026-44576 2026-05-13 Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when sh…

曾用名

  • Multiple Interpretation Error (MIE) (2008-04-11)

內容提交

名稱
PLOVER
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, Other_Notes, Taxonomy_Mappings
2008-10-14 CWE Content Team 1.0.1 updated Description
2009-05-27 CWE Content Team 1.4 updated Related_Attack_Patterns
2009-10-29 CWE Content Team 1.6 updated Relationships
2010-02-16 CWE Content Team 1.8 updated Relationships, Taxonomy_Mappings
2010-04-05 CWE Content Team 1.8.1 updated Related_Attack_Patterns
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-06-27 CWE Content Team 2.0 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Relationships
2014-06-23 CWE Content Team 2.7 updated Applicable_Platforms, Description, Observed_Examples, Other_Notes, References
2014-07-30 CWE Content Team 2.8 updated Relationships
2015-12-07 CWE Content Team 2.9 updated Relationships
2017-01-19 CWE Content Team 2.10 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Demonstrative_Examples, Observed_Examples, References, Relationships
2018-03-27 CWE Content Team 3.1 updated References
2019-06-20 CWE Content Team 3.3 updated Relationships, Type
2020-02-24 CWE Content Team 4.0 updated Relationships
2020-08-20 CWE Content Team 4.2 updated Related_Attack_Patterns
2022-04-28 CWE Content Team 4.7 updated Related_Attack_Patterns
2022-06-28 CWE Content Team 4.8 updated Relationships
2023-04-27 CWE Content Team 4.11 updated References, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-09-09 CWE Content Team 4.18 updated References
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Relationships, Weakness_Ordinalities
cvelogic Threat Intelligence