CWE-807— Reliance on Untrusted Inputs in a Security Decision
The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.— MITRE CWE catalog
77 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-807page 2 of 2
- CVE-2026-21509HIGHCVSS 7.8EG 9.0⚠ KEV2026-01-26
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
- CVE-2026-21514HIGHCVSS 7.8EG 9.0⚠ KEV2026-02-10
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
- CVE-2026-23848MEDIUMCVSS 6.5EG 6.52026-01-19
MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.7.71, a rate limiting bypass via `X-Forwarded-For` header spoofing allows unauthenticated attackers to bypass IP-based rate limiting on general AP…
- CVE-2026-24120CRITICALCVSS 9.8EG 9.82026-05-04
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands…
- CVE-2026-25931HIGHCVSS 7.8EG 7.82026-02-09
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings._determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value …
- CVE-2026-25958HIGHCVSS 7.7EG 7.72026-02-09
Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is …
- CVE-2026-29134HIGHCVSS 7.5EG 7.52026-04-02
SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions.
- CVE-2026-31892HIGHCVSS 8.1EG 8.12026-03-11
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in …
- CVE-2026-32057HIGHCVSS 7.1EG 7.12026-03-21
OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role…
- CVE-2026-32898MEDIUMCVSS 5.4EG 5.42026-03-21
OpenClaw versions prior to 2026.2.23 contain an authorization bypass vulnerability in the ACP client that auto-approves tool calls based on untrusted toolCall.kind metadata and permissive name heuristics. Attackers can bypass interactive a…
- CVE-2026-32975CRITICALCVSS 9.8EG 9.82026-03-29
OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can create groups with identical names to allowlisted …
- CVE-2026-34486HIGHCVSS 7.5EG 7.52026-04-09
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to u…
- CVE-2026-35617MEDIUMCVSS 4.2EG 4.22026-04-09
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by changing or colliding space display names t…
- CVE-2026-35624MEDIUMCVSS 4.2EG 4.22026-04-09
OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain un…
- CVE-2026-35655MEDIUMCVSS 5.7EG 5.72026-04-10
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to s…
- CVE-2026-35670MEDIUMCVSS 5.9EG 5.92026-04-10
OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can ma…
- CVE-2026-39807MEDIUMCVSS 6.3EG 6.32026-05-01
Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. 'Elixir.Bandit.Pipeline':determine_scheme/2 in lib/bandit/pipeline.ex retur…
- CVE-2026-41299HIGHCVSS 7.1EG 7.12026-04-21
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorizatio…
- CVE-2026-41380HIGHCVSS 7.3EG 7.32026-04-28
OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows allow-always persistence to trust wrapper carrier executables instead of invoked targets. Attackers can exploit positional ca…
- CVE-2026-41390HIGHCVSS 7.3EG 7.32026-04-28
OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrappe…
- CVE-2026-41403LOWCVSS 2.9EG 2.92026-04-28
OpenClaw before 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer when allowRemoteViewer is disabled, allowing unauthorized access. Attackers can bypass access controls by sending proxied requests …
- CVE-2026-43935HIGHCVSS 8.1EG 8.12026-05-26
e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled dom…
- CVE-2026-44649CRITICALCVSS 9.8EG 9.82026-05-29
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User (Authel…
- CVE-2026-48491CRITICALCVSS 10.0EG 10.02026-06-16
Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection (SNICheck) that allows an unauthenticated client to bypass mutual TLS enforced throu…
- CVE-2026-48980MEDIUMCVSS 6.3EG 6.32026-06-18
pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv() environment variables XRDP_SESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environ…
- CVE-2026-53860MEDIUMCVSS 5.4EG 4.22026-06-16
OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries through conversation metadata rather than stable sender identity. Attackers can influence conversatio…
- CVE-2026-6213CRITICALCVSS 10.0EG 10.02026-05-08
A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation the vulnerability can be…
Map vulnerabilities like CWE-807 to your infrastructure
EchelonGraph correlates every CVE — across CWE-807 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →