Sign in Get started

CWE-351

Insufficient Type Distinction

BaseDraft

Description

The product does not properly distinguish between different types of elements in a way that leads to insecure behavior.

Hierarchy (View 1000)

Parents

CWE-345

Children

none

CVEs mapped to this weakness (4)

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-31951	Hig	0.57	8.8	0.00		May 6, 2026	HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution.
CVE-2025-54413	Hig	0.50	—	0.00		Jul 26, 2025	skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in MethodNode, which can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at load time. While this issue may seem similar to GHSA-m7f4-hrc6-fwg3, it is actually more severe, as it relies on fewer assumptions about trusted types. This is fixed in version 12.0.0.
CVE-2025-54412	Hig	0.50	—	0.00		Jul 26, 2025	skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. This is fixed in version 0.12.0.
CVE-2026-41341	Med	0.28	5.4	0.00		Apr 23, 2026	OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement or trigger incorrect session handling.