CWE-1395— Dependency on Vulnerable Third-Party Component
The product has a dependency on a third-party component that contains one or more known vulnerabilities.— MITRE CWE catalog
4 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-1395page 1 of 1
- CVE-2026-23654HIGHCVSS 8.8EG 8.82026-03-10
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.
- CVE-2026-47906HIGHCVSS 8.6EG 8.62026-06-09
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requi…
- CVE-2026-55789HIGHCVSS 8.5EG 8.52026-07-10
Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes suc…
- CVE-2026-8993MEDIUMCVSS 6.5EG 6.52026-06-02
D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection …
Map vulnerabilities like CWE-1395 to your infrastructure
EchelonGraph correlates every CVE — across CWE-1395 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →