CWE-940— Improper Verification of Source of a Communication Channel
The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.— MITRE CWE catalog
54 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-940page 2 of 2
- CVE-2026-48745CRITICALCVSS 9.3EG 9.32026-06-17
Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar platform. In versions 9.7.19 and below, a single crafted deep link can silently hijack all GPS tracking parameters an…
- CVE-2026-54106MEDIUMCVSS 4.7EG 4.72026-06-18
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not validate X-Forwarded-For HTTP headers, allowing a remote atta…
- CVE-2026-55660HIGHCVSS 7.6EG 7.62026-06-19
Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library register…
- CVE-2026-6734HIGHCVSS 7.5EG 7.52026-06-17
Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first…
Map vulnerabilities like CWE-940 to your infrastructure
EchelonGraph correlates every CVE — across CWE-940 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →