CWE-843— Access of Resource Using Incompatible Type (Type Confusion)
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.— MITRE CWE catalog
784 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-843page 15 of 16
- CVE-2026-21691MEDIUMCVSS 5.4EG 5.42026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in …
- CVE-2026-21692HIGHCVSS 8.8EG 8.82026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in …
- CVE-2026-21693HIGHCVSS 8.8EG 8.82026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in …
- CVE-2026-21710HIGHCVSS 7.5EG 7.52026-03-30
A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`. When this occurs, `dest["__proto__"]` resolves to `Obj…
- CVE-2026-21854CRITICALCVSS 9.8EG 9.82026-01-07
The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authentication bypass vulnerability in the login endpoint allows any unauthenticated user to gain full admin access to the Tarkov Data Manager a…
- CVE-2026-22028MEDIUMCVSS 6.1EG 6.12026-01-08
Preact, a lightweight web development framework, JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 caused this protection to be softened. In …
- CVE-2026-22046HIGHCVSS 8.8EG 8.82026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerabili…
- CVE-2026-24874CRITICALCVSS 9.1EG 9.12026-01-27
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in themrdemonized xray-monolith.This issue affects xray-monolith: before 2025.12.30.
- CVE-2026-24914MEDIUMCVSS 4.0EG 4.02026-02-06
Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-25204HIGHCVSS 7.5EG 6.22026-04-13
Deserialization of untrusted data vulnerability in Samsung Open Source Escargot Java Script allows denial of service condition via process abort. This issue affects escarogt prior to commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335
- CVE-2026-25503HIGHCVSS 7.1EG 7.12026-02-03
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behav…
- CVE-2026-25537HIGHCVSS 7.5EG 7.52026-02-04
jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim (such as nbf or exp) is provided with an incorrect JSON…
- CVE-2026-26110HIGHCVSS 8.4EG 8.42026-03-10
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-26162HIGHCVSS 7.8EG 7.82026-04-14
Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.
- CVE-2026-27144HIGHCVSS 7.1EG 7.12026-04-08
The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corrupti…
- CVE-2026-27298HIGHCVSS 7.8EG 7.82026-04-14
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t…
- CVE-2026-2783HIGHCVSS 7.5EG 7.52026-02-24
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
- CVE-2026-2796CRITICALCVSS 9.8EG 9.82026-02-24
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
- CVE-2026-28983HIGHCVSS 7.5EG 7.52026-05-11
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause a de…
- CVE-2026-31502HIGHCVSS 7.8EG 7.82026-04-22
In the Linux kernel, the following vulnerability has been resolved: team: fix header_ops type confusion with non-Ethernet ports Similar to commit 950803f72547 ("bonding: fix type confusion in bond_setup_by_slave()") team has the same cla…
- CVE-2026-33937CRITICALCVSS 9.8EG 9.82026-03-27
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST object in addition to a template string. The `value` field of a `NumberLiteral`…
- CVE-2026-33938HIGHCVSS 8.1EG 8.12026-03-27
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the `@partial-block` special variable is stored in the template data context and is reachable and mutable from within a templat…
- CVE-2026-33940HIGHCVSS 8.1EG 8.12026-03-27
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in `resolvePartial()` and cause `invokePartia…
- CVE-2026-34344HIGHCVSS 7.8EG 7.82026-05-12
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2026-34379HIGHCVSS 7.1EG 7.12026-04-06
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists i…
- CVE-2026-35417HIGHCVSS 7.8EG 7.82026-05-12
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- CVE-2026-35541MEDIUMCVSS 4.2EG 4.22026-04-03
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password.
- CVE-2026-39956MEDIUMCVSS 6.1EG 6.12026-04-13
jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq's src/builtin.c passes its arguments directly to jv_string_indexes() without verifying they are strings, and jv_s…
- CVE-2026-40364HIGHCVSS 8.4EG 8.42026-05-12
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2026-40446CRITICALCVSS 9.8EG 6.92026-04-13
Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
- CVE-2026-40683HIGHCVSS 7.7EG 7.72026-04-14
In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi …
- CVE-2026-43037CRITICALCVSS 9.8EG 9.82026-05-01
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() Oskar Kjos reported the following problem. ip4ip6_err() calls icmp_send() on a cloned skb whose cb[] was written by the IPv…
- CVE-2026-43038CRITICALCVSS 9.8EG 9.82026-05-01
In the Linux kernel, the following vulnerability has been resolved: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() Sashiko AI-review observed: In ip6_err_gen_icmpv6_unreach(), the skb is an outer IPv4 ICMP error packet …
- CVE-2026-43705HIGHCVSS 8.8EG 8.82026-06-29
A type confusion issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption.
- CVE-2026-43862LOWCVSS 3.7EG 3.72026-05-04
In mutt before 2.3.2, the imap_auth_gss security level is mishandled.
- CVE-2026-44325HIGHCVSS 7.5EG 7.52026-05-27
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/api_accesstoken.go r…
- CVE-2026-44628HIGHCVSS 7.5EG 7.52026-06-30
An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record.
- CVE-2026-44640MEDIUMCVSS 4.5EG 4.52026-05-29
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to 0.24.14, aio->prov_data is stored as nni_quic_conn* during dialing, but read as ex_quic_conn* during dialer close. This type confusion causes invalid object int…
- CVE-2026-44728HIGHCVSS 8.2EG 8.22026-05-26
Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arb…
- CVE-2026-44817HIGHCVSS 7.8EG 7.82026-06-09
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-45456HIGHCVSS 8.4EG 8.42026-06-09
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-45600HIGHCVSS 7.8EG 7.82026-06-09
Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
- CVE-2026-45635HIGHCVSS 8.1EG 8.12026-06-09
Access of resource using incompatible type ('type confusion') in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
- CVE-2026-45641HIGHCVSS 7.8EG 8.42026-06-09
Access of resource using incompatible type ('type confusion') in Windows Hyper-V allows an unauthorized attacker to execute code locally.
- CVE-2026-45702MEDIUMCVSS 5.5EG 5.52026-06-03
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulne…
- CVE-2026-4698CRITICALCVSS 9.8EG 9.82026-03-24
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
- CVE-2026-4702CRITICALCVSS 9.8EG 9.82026-03-24
JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
- CVE-2026-48682MEDIUMCVSS 5.9EG 5.92026-06-02
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet contains at least sizeof(ipv4_header_t) bytes (20 bytes), the code ad…
- CVE-2026-5360LOWCVSS 3.7EG 3.72026-04-02
A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high comple…
- CVE-2026-54164MEDIUMCVSS 6.5EG 6.52026-07-01
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation I…
Map vulnerabilities like CWE-843 to your infrastructure
EchelonGraph correlates every CVE — across CWE-843 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →