CWE-346— Origin Validation Error
The product does not properly verify that the source of data or communication is valid.— MITRE CWE catalog
562 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-346page 10 of 12
- CVE-2026-13840MEDIUMCVSS 6.5EG 6.52026-06-30
Insufficient policy enforcement in Canvas in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-13868MEDIUMCVSS 6.5EG 6.52026-06-30
Inappropriate implementation in Network in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Me…
- CVE-2026-13881MEDIUMCVSS 6.5EG 6.52026-06-30
Inappropriate implementation in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-13887MEDIUMCVSS 6.5EG 6.52026-06-30
Inappropriate implementation in NFC in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Mediu…
- CVE-2026-13913MEDIUMCVSS 6.5EG 6.52026-06-30
Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium securi…
- CVE-2026-14039MEDIUMCVSS 4.3EG 4.32026-06-30
Insufficient policy enforcement in GetUserMedia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14046MEDIUMCVSS 4.3EG 4.32026-06-30
Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14053MEDIUMCVSS 4.3EG 4.32026-06-30
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14057MEDIUMCVSS 4.3EG 4.32026-06-30
Inappropriate implementation in FedCM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14079MEDIUMCVSS 4.3EG 4.32026-06-30
Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14105MEDIUMCVSS 4.3EG 9.62026-07-01
Insufficient policy enforcement in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-1997MEDIUMCVSS 5.3EG 5.32026-02-10
Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devic…
- CVE-2026-20893HIGHCVSS 7.8EG 7.82026-01-07
Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows system where the affected product is instal…
- CVE-2026-22030MEDIUMCVSS 6.5EG 6.52026-01-10
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router (or Remix v2) is vulnerable to CSRF attacks on document POST requests to UI routes when using ser…
- CVE-2026-22077MEDIUMCVSS 5.6EG 5.62026-04-27
OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure.
- CVE-2026-22694MEDIUMCVSS 6.1EG 6.12026-01-14
AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a m…
- CVE-2026-22794CRITICALCVSS 9.6EG 9.62026-01-12
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, passwo…
- CVE-2026-2345LOWCVSS 3.6EG 3.62026-02-11
Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener('message', ...) handlers that do not properly validate the origin of incoming messages. Specifically, an …
- CVE-2026-25604MEDIUMCVSS 5.4EG 5.42026-03-09
In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access con…
- CVE-2026-2611CRITICALCVSS 9.6EG 9.62026-05-19
In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with …
- CVE-2026-27148CRITICALCVSS 9.6EG 9.62026-02-25
Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories…
- CVE-2026-2790CRITICALCVSS 9.8EG 9.82026-02-24
Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
- CVE-2026-28861MEDIUMCVSS 4.3EG 4.32026-03-25
A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script messa…
- CVE-2026-34083MEDIUMCVSS 6.1EG 6.12026-04-02
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used …
- CVE-2026-34198MEDIUMCVSS 5.3EG 5.32026-07-07
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies ($proxies = '*'), accepting X-Forwarded-Host from any source. The T…
- CVE-2026-34460MEDIUMCVSS 5.4EG 5.42026-06-02
NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a…
- CVE-2026-34720MEDIUMCVSS 4.3EG 4.32026-04-08
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This …
- CVE-2026-34777MEDIUMCVSS 5.4EG 5.42026-04-04
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or m…
- CVE-2026-34927HIGHCVSS 7.8EG 7.82026-05-21
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the targe…
- CVE-2026-34928HIGHCVSS 7.8EG 7.82026-05-21
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism. Pl…
- CVE-2026-34929HIGHCVSS 7.8EG 7.82026-05-21
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism. …
- CVE-2026-34930HIGHCVSS 7.8EG 7.82026-05-21
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism. Please n…
- CVE-2026-35253MEDIUMCVSS 4.7EG 4.72026-05-06
Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromis…
- CVE-2026-35408HIGHCVSS 8.7EG 8.72026-04-06
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On (SSO) login pages lacked a Cross-Origin-Opener-Policy (COOP) HTTP response header. Without this header, a maliciou…
- CVE-2026-35568MEDIUMCVSS 5.7EG 5.72026-04-07
MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sd…
- CVE-2026-35577MEDIUMCVSS 6.8EG 6.82026-04-09
Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport…
- CVE-2026-37737MEDIUMCVSS 6.5EG 6.52026-06-05
sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering …
- CVE-2026-37977MEDIUMCVSS 5.3EG 3.72026-04-06
A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token endpoint. This flaw occurs because the `azp` claim from a clien…
- CVE-2026-3846MEDIUMCVSS 6.5EG 6.52026-03-10
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2.
- CVE-2026-40594MEDIUMCVSS 4.8EG 4.82026-04-21
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the set_session_cookie_secure before_request handler in src/pyload/webui/app/__init__.py reads the X-Forwarded-Proto header from any HTTP request …
- CVE-2026-40622HIGHCVSS 7.5EG 7.52026-05-20
NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost doma…
- CVE-2026-41057HIGHCVSS 7.1EG 7.12026-04-21
WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation fix in commit `986e64aad` is incomplete. Two separate code paths still reflect arbitrary `Origin` headers with credentials allowed for all…
- CVE-2026-41342HIGHCVSS 7.3EG 7.32026-04-23
OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Attackers can spoof discovery endpoints to …
- CVE-2026-41358MEDIUMCVSS 5.4EG 5.42026-04-23
OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter agent context. Attackers can inject unauthorized thread messages through allowlisted user replies to bypass sende…
- CVE-2026-41376MEDIUMCVSS 5.4EG 5.42026-04-28
OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should b…
- CVE-2026-41393MEDIUMCVSS 4.8EG 4.82026-04-28
OpenClaw before 2026.3.31 contains a wide-area discovery vulnerability allowing arbitrary tailnet peers to be accepted as DNS authorities. Attackers with same-tailnet position and CA-trusted endpoint access can exfiltrate operator credenti…
- CVE-2026-41398MEDIUMCVSS 4.6EG 4.62026-04-28
OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-network pages as trusted origins. Attackers can inject unauthorized agent.request runs by loading attacker-controll…
- CVE-2026-41700HIGHCVSS 8.1EG 8.12026-06-11
Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitr…
- CVE-2026-41886HIGHCVSS 7.5EG 7.52026-05-08
locize is a localization platform that connects code and i18n setup. Prior to version 4.0.21, the locize client SDK registers a window.addEventListener("message", …) handler that dispatches to registered internal handlers (editKey, commi…
- CVE-2026-42341CRITICALCVSS 9.2EG 9.22026-07-06
FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, …
Map vulnerabilities like CWE-346 to your infrastructure
EchelonGraph correlates every CVE — across CWE-346 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →