CWE-436
Interpretation Conflict
Description
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-105 · CAPEC-273 · CAPEC-34
CVEs mapped to this weakness (69)
page 1 of 4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8034 | Cri | 0.64 | 9.8 | 0.00 | May 7, 2026 | A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname… | ||
| CVE-2026-41248 | — | Cri | 0.59 | 9.1 | 0.00 | Apr 24, 2026 | Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This… | |
| CVE-2026-6270 | Cri | 0.52 | 9.1 | 0.01 | Apr 16, 2026 | @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does… | ||
| CVE-2026-33808 | Cri | 0.52 | 9.1 | 0.00 | Apr 15, 2026 | Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-scoped authentication middleware via duplicate slashes when… | ||
| CVE-2026-33807 | Cri | 0.52 | 9.1 | 0.00 | Apr 15, 2026 | @fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed… | ||
| CVE-2026-40165 | Hig | 0.50 | 8.7 | 0.00 | May 21, 2026 | authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to Authentication Bypass through SAML NameID XML Comment Injection. Due to how authentik extracted the NameID value from a SAML assertion, it… | ||
| CVE-2026-6322 | Hig | 0.49 | 7.5 | 0.00 | May 5, 2026 | fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a… | ||
| CVE-2024-53263 | Hig | 0.48 | — | 0.01 | Jan 14, 2025 | Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any… | ||
| CVE-2026-54134 | hig | 0.45 | — | — | Jun 23, 2026 | ### Impact OctoPrint versions up until and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 contain a vulnerability that allows an attacker with the `FILE_UPLOAD` permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload… | ||
| CVE-2026-42274 | Hig | 0.44 | — | 0.00 | May 8, 2026 | Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw (non-normalized) request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3.… | ||
| CVE-2026-42273 | Hig | 0.44 | — | 0.00 | May 8, 2026 | Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are case-insensitive. This discrepancy can result in heimdall failing to match a rule… | ||
| CVE-2026-42272 | Hig | 0.44 | — | 0.00 | May 8, 2026 | Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall handles URL-encoded slashes (%2F) in a case-sensitive manner, while percent-encoding is defined to be case-insensitive. As a result, the lowercase equivalent… | ||
| CVE-2025-53534 | Hig | 0.43 | — | 0.01 | Aug 5, 2025 | RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take… | ||
| CVE-2026-42551 | Hig | 0.42 | 7.5 | 0.00 | May 13, 2026 | Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod() unconditionally honors the X-HTTP-Method-Override header and the $_REQUEST['_method'] parameter on any HTTP verb (including safe verbs such as GET), with no opt-in and no whitelist of… | ||
| CVE-2026-27896 | Hig | 0.42 | 7.5 | 0.00 | Feb 26, 2026 | The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match… | ||
| CVE-2025-13033 | Hig | 0.42 | 7.5 | 0.01 | Nov 14, 2025 | A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to… | ||
| CVE-2026-33804 | Hig | 0.41 | 7.4 | 0.00 | Apr 16, 2026 | @fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing… | ||
| CVE-2024-50338 | Hig | 0.41 | 7.4 | 0.03 | Jan 14, 2025 | Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format `key=value`. Git's… | ||
| CVE-2024-28054 | Hig | 0.41 | 7.4 | 0.01 | Mar 18, 2024 | Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for… | ||
| CVE-2026-42462 | Hig | 0.39 | 7.0 | 0.00 | Jun 10, 2026 | Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it… |
- risk 0.64cvss 9.8epss 0.00
A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname…
- risk 0.59cvss 9.1epss 0.00
Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This…
- risk 0.52cvss 9.1epss 0.01
@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does…
- risk 0.52cvss 9.1epss 0.00
Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-scoped authentication middleware via duplicate slashes when…
- risk 0.52cvss 9.1epss 0.00
@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed…
- risk 0.50cvss 8.7epss 0.00
authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to Authentication Bypass through SAML NameID XML Comment Injection. Due to how authentik extracted the NameID value from a SAML assertion, it…
- risk 0.49cvss 7.5epss 0.00
fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a…
- risk 0.48cvss —epss 0.01
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any…
- risk 0.45cvss —epss —
### Impact OctoPrint versions up until and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 contain a vulnerability that allows an attacker with the `FILE_UPLOAD` permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload…
- risk 0.44cvss —epss 0.00
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw (non-normalized) request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3.…
- risk 0.44cvss —epss 0.00
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are case-insensitive. This discrepancy can result in heimdall failing to match a rule…
- risk 0.44cvss —epss 0.00
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall handles URL-encoded slashes (%2F) in a case-sensitive manner, while percent-encoding is defined to be case-insensitive. As a result, the lowercase equivalent…
- risk 0.43cvss —epss 0.01
RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take…
- risk 0.42cvss 7.5epss 0.00
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod() unconditionally honors the X-HTTP-Method-Override header and the $_REQUEST['_method'] parameter on any HTTP verb (including safe verbs such as GET), with no opt-in and no whitelist of…
- risk 0.42cvss 7.5epss 0.00
The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match…
- risk 0.42cvss 7.5epss 0.01
A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to…
- risk 0.41cvss 7.4epss 0.00
@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing…
- risk 0.41cvss 7.4epss 0.03
Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format `key=value`. Git's…
- risk 0.41cvss 7.4epss 0.01
Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for…
- risk 0.39cvss 7.0epss 0.00
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it…