VYPR

CWE-436

Interpretation Conflict

Class · Incomplete

Description

Product A handles inputs or steps differently from Product B, which causes A to perform incorrect actions based on its perception of B's state.

This is generally found in proxies, firewalls, anti-virus software, and other intermediary devices that monitor, allow, deny, or modify traffic based on how the client or server is expected to behave.
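The two-parser disagreement this weakness describes, as an added example (not code from the CWE entry or from any product listed on this page): a Content-Type header carrying two `boundary` parameters is resolved first-wins by one component and last-wins by another, and the same multipart body then yields a different file to each of them. The header, body, and the three resolution strategies are constructed for illustration; the strict variant shows the check a gateway or backend should apply, which is to reject a repeated parameter instead of picking one.

```python
"""Differential parsing of one Content-Type header (constructed example).

An intermediary that keeps the first `boundary` parameter and a backend that
keeps the last one carve the same multipart body into different parts.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed ambiguous header: the boundary parameter appears twice.
AMBIGUOUS_HEADER = 'multipart/form-data; boundary=AAA; boundary=BBB'

# Constructed body that is well-formed under either boundary but exposes a
# different single part depending on which delimiter the parser honours.
BODY = (
    b'--AAA\r\n'
    b'Content-Disposition: form-data; name="f"; filename="ok.txt"\r\n\r\n'
    b'--BBB\r\n'
    b'Content-Disposition: form-data; name="f"; filename="evil.exe"\r\n\r\n'
    b'payload\r\n'
    b'--BBB--\r\n'
    b'\r\n--AAA--\r\n'
)

# ";" token "=" (quoted-string | run of anything up to the next ";")
_PARAM_RE = re.compile(r""";\s*([\w!#$%&'*+.^`|~-]+)=("(?:[^"\\]|\\.)*"|[^;]*)""")


def tokenize(header: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Return the media type and every parameter in order, duplicates included."""
    media_type, sep, rest = header.partition(';')
    params: List[Tuple[str, str]] = []
    for m in _PARAM_RE.finditer(';' + rest if sep else ''):
        value = m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        params.append((m.group(1).lower(), value))
    return media_type.strip().lower(), params


def first_wins(header: str) -> Dict[str, str]:
    """Lenient resolution A: the first occurrence of a parameter is kept."""
    out: Dict[str, str] = {}
    for name, value in tokenize(header)[1]:
        out.setdefault(name, value)
    return out


def last_wins(header: str) -> Dict[str, str]:
    """Lenient resolution B: a later occurrence overwrites an earlier one."""
    return dict(tokenize(header)[1])


def strict(header: str) -> Dict[str, str]:
    """Hardened resolution: a repeated parameter is ambiguous, so reject it."""
    out: Dict[str, str] = {}
    for name, value in tokenize(header)[1]:
        if name in out:
            raise ValueError(f'duplicate Content-Type parameter: {name}')
        out[name] = value
    return out


def part_filenames(body: bytes, boundary: str) -> List[Optional[str]]:
    """Minimal multipart splitter: the filename each part advertises."""
    delimiter = b'--' + boundary.encode('ascii')
    names: List[Optional[str]] = []
    for chunk in body.split(delimiter)[1:]:
        if chunk.startswith(b'--'):  # closing delimiter; the rest is epilogue
            break
        head = chunk.strip(b'\r\n').partition(b'\r\n\r\n')[0]
        m = re.search(rb'filename="([^"]*)"', head)
        names.append(m.group(1).decode('ascii') if m else None)
    return names


def demo() -> Dict[str, object]:
    """What each interpretation of AMBIGUOUS_HEADER sees inside BODY."""
    try:
        strict(AMBIGUOUS_HEADER)
        rejected = False
    except ValueError:
        rejected = True
    return {
        'first_wins': part_filenames(BODY, first_wins(AMBIGUOUS_HEADER)['boundary']),
        'last_wins': part_filenames(BODY, last_wins(AMBIGUOUS_HEADER)['boundary']),
        'strict_rejected': rejected,
    }


if __name__ == '__main__':
    print(demo())
```

A first-wins filter inspects `ok.txt`, a last-wins backend stores `evil.exe`, and only the strict parser refuses the request outright; the same pattern applies to any parameter whose value steers later parsing (`charset`, `filename`, `name`).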

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-105 · CAPEC-273 · CAPEC-34

CVEs mapped to this weakness (69)

page 2 of 4
  • CVE-2026-44974 · High · May 27, 2026
    risk 0.39 · cvss n/a · epss 0.00

    Impact: The two parsers resolved duplicates inconsistently and silently: `Content.disposition()` retained the last occurrence of each parameter; `Content.type()` retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling…

  • CVE-2026-32971 · High · Mar 31, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after…

  • CVE-2025-54368 · Medium · Aug 8, 2025
    risk 0.37 · cvss n/a · epss 0.00

    uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would…

  • CVE-2026-47076 · Medium · May 25, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackney_url:normalize/2 URL-decodes the host component after the URL has been parsed into a #hackney_url{} record. OTP's uri_string:parse/1 and inet:parse_address/1 do not decode…

  • CVE-2026-30246 · Medium · May 5, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can…

  • CVE-2026-41388 · Medium · Apr 28, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    OpenClaw before 2026.3.31 contains a configuration management vulnerability where startup migration treats empty-array settings as missing values. Attackers can restart the application to rehydrate revoked Tlon configuration from file state, bypassing intended revocation…

  • CVE-2026-40930 · Medium · Jun 4, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC,…

  • CVE-2026-44576 · Medium · May 13, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected…

  • CVE-2026-35200 · Medium · Apr 6, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4, a file can be uploaded with a filename extension that passes the file extension allowlist (e.g., .txt) but with a Content-Type header that…

  • CVE-2026-42177 · Medium · May 12, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome's…

  • CVE-2026-32766 · Medium · Mar 20, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping (rather than rejection) of invalid PAX extensions could be used as a building…

  • CVE-2026-12491 · Moderate · Jun 10, 2026
    risk 0.24 · cvss 4.8 · epss 0.00

    vllm: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

  • CVE-2026-32762 · Medium · Apr 2, 2026
    risk 0.24 · cvss 4.8 · epss 0.00

    Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwarded_values parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally…

  • CVE-2026-26961 · Low · Apr 2, 2026
    risk 0.17 · cvss 3.7 · epss 0.00

    Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack…

  • CVE-2026-47344 · Low · Jun 8, 2026
    risk 0.07 · cvss n/a · epss 0.00

    When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting…

  • CVE-2026-53538 · Low · Jun 15, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Summary: `QuerystringParser` treated `;` as a field separator in `application/x-www-form-urlencoded` bodies, in addition to `&`. The [WHATWG URL standard](https://url.spec.whatwg.org/#urlencoded-parsing), modern browsers, and Python's `urllib.parse` (since the CVE-2021-23336…

  • CVE-2026-53537 · Low · Jun 15, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Summary: `parse_options_header` parsed `Content-Disposition` (and `Content-Type`) headers with [`email.message.Message`](https://docs.python.org/3/library/email.compat32-message.html#email.message.Message), which transparently applies [RFC…

  • CVE-2026-53655 · Jun 15, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Summary: `tar` (node-tar) applies a PAX extended header's `size=` record (and other PAX overrides) to the **next header entry of any type**, including intermediary metadata headers such as a GNU long-name (`L`) or long-link (`K`) entry. Per POSIX pax, a PAX extended header…

  • CVE-2026-47767 · Jun 9, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Description: CVE-2024-50340 (GHSA-x8vp-gf4q-mw5j) addressed an issue where, with `register_argc_argv=On`, a crafted query string let an unauthenticated GET change the kernel environment and debug flag by feeding `--env`/`--no-debug` through `$_SERVER['argv']`. The fix…

  • CVE-2026-27183 · Mar 23, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wrapper handling that allows attackers to skip shell wrapper approval requirements. The approval classifier and execution planner apply different depth-boundary rules,…
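The separator disagreement behind the `QuerystringParser` entry above (CVE-2026-53538), as an added example that is not code from that project, from Python, or from this page: one parser treats both `;` and `&` as field separators, the other (the WHATWG rule, and `urllib.parse.parse_qsl` with its default `separator='&'`) treats `;` as ordinary data. A body that is constructed to carry a second `role` field behind a `;` is seen as `role=guest` by one side and `role=admin` by the other. `is_ambiguous` is the check a front door can apply: parse the body both ways and refuse it when the results differ, while a percent-encoded `%3B` stays unambiguous and passes.

```python
"""Two form-body parsers that disagree on the field separator (constructed example)."""
from typing import List, Optional, Tuple
from urllib.parse import parse_qsl, unquote_plus

# Constructed body: a second "role" field hidden behind ';'.
BODY = 'user=alice&role=guest;role=admin'


def legacy_parse(body: str) -> List[Tuple[str, str]]:
    """Old behaviour (QuerystringParser before its fix, urllib before the
    CVE-2021-23336 change): both '&' and ';' terminate a field."""
    pairs: List[Tuple[str, str]] = []
    for field in body.replace(';', '&').split('&'):
        if not field:
            continue
        name, _, value = field.partition('=')
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def whatwg_parse(body: str) -> List[Tuple[str, str]]:
    """Current behaviour: only '&' separates fields; ';' is data.
    parse_qsl's separator argument exists since the CVE-2021-23336 fix."""
    return parse_qsl(body, keep_blank_values=True, separator='&')


def last_value(pairs: List[Tuple[str, str]], name: str) -> Optional[str]:
    """Last-wins lookup, the usual convention for a repeated form field."""
    value = None
    for k, v in pairs:
        if k == name:
            value = v
    return value


def is_ambiguous(body: str) -> bool:
    """True when the two interpretations disagree: a smuggling candidate
    that a gateway should reject rather than forward."""
    return sorted(legacy_parse(body)) != sorted(whatwg_parse(body))


if __name__ == '__main__':
    print('legacy role :', last_value(legacy_parse(BODY), 'role'))
    print('whatwg role :', last_value(whatwg_parse(BODY), 'role'))
    print('ambiguous   :', is_ambiguous(BODY))
```

Which side is the "front" and which the "back" decides the direction of the bypass: a filter using the WHATWG rule never sees `role=admin` if the backend still splits on `;`, and a filter that splits on `;` is easy to trip into blocking benign values if the backend does not.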