CWE-134— Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.— MITRE CWE catalog
364 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-134page 8 of 8
- CVE-2026-22190HIGHCVSS 7.5EG 7.52026-01-07
The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single…
- CVE-2026-3008MEDIUMCVSS 6.6EG 6.62026-04-27
Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application.
- CVE-2026-33210CRITICALCVSS 9.1EG 9.12026-03-20
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_dup…
- CVE-2026-44407MEDIUMCVSS 4.7EG 4.72026-05-07
A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.
- CVE-2026-46465MEDIUMCVSS 5.5EG 5.52026-07-03
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of external…
- CVE-2026-50211CRITICALCVSS 9.8EG 9.82026-06-04
Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers.
- CVE-2026-57877HIGHCVSS 8.6EG 8.62026-06-26
An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the l…
- CVE-2026-6241MEDIUMCVSS 6.8EG 6.82026-06-05
An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifi…
- CVE-2026-6242MEDIUMCVSS 6.8EG 6.82026-06-05
An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into…
- CVE-2026-6250HIGHCVSS 8.1EG 8.12026-06-11
An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a format string, which can be used to manipulate sta…
- CVE-2026-6474MEDIUMCVSS 4.3EG 4.32026-05-14
Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
- CVE-2026-6539MEDIUMCVSS 4.4EG 4.42026-04-30
Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attac…
- CVE-2026-6843MEDIUMCVSS 5.5EG 5.52026-04-22
A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading t…
- CVE-2026-7835LOWCVSS 3.1EG 3.12026-05-21
A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing.
Map vulnerabilities like CWE-134 to your infrastructure
EchelonGraph correlates every CVE — across CWE-134 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →