VYPR

CWE-436

Interpretation Conflict

ClassIncomplete

Description

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

This is generally found in proxies, firewalls, anti-virus software, and other intermediary devices that monitor, allow, deny, or modify traffic based on how the client or server is expected to behave.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-105 · CAPEC-273 · CAPEC-34

CVEs mapped to this weakness (69)

page 3 of 4
  • CVE-2026-32065Mar 21, 2026
    risk 0.00cvss epss 0.00

    OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulnerability in system.run where rendered command text is used as approval identity while trimming argv token whitespace, but runtime execution uses raw argv. An attacker can craft a trailing-space…

  • CVE-2026-32052Mar 21, 2026
    risk 0.00cvss epss 0.01

    OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability in the system.run shell-wrapper that allows attackers to execute hidden commands by injecting positional argv carriers after inline shell payloads. Attackers can craft misleading approval text while…

  • CVE-2026-25223Feb 3, 2026
    risk 0.00cvss epss 0.01

    Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (\t) followed…

  • CVE-2025-66490Dec 9, 2025
    risk 0.00cvss epss 0.00

    Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, requests containing URL-encoded restricted…

  • CVE-2025-12816Nov 25, 2025
    risk 0.00cvss epss 0.01

    An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and…

  • CVE-2025-25292Mar 12, 2025
    risk 0.00cvss epss 0.64

    ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can…

  • CVE-2025-25291Mar 12, 2025
    risk 0.00cvss epss 0.20

    ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can…

  • CVE-2025-24013Jan 20, 2025
    risk 0.00cvss epss 0.00

    CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially…

  • CVE-2024-42487Aug 15, 2024
    risk 0.00cvss epss 0.01

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification.…

  • CVE-2024-40767Jul 24, 2024
    risk 0.00cvss epss 0.01

    In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of…

  • CVE-2023-52892Jun 27, 2024
    risk 0.00cvss epss 0.00

    In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509…

  • CVE-2024-34478May 5, 2024
    risk 0.00cvss epss 0.01

    btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain…

  • CVE-2024-29034Mar 24, 2024
    risk 0.00cvss epss 0.00

    CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a…

  • CVE-2024-24754Feb 1, 2024
    risk 0.00cvss epss 0.01

    Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is…

  • CVE-2024-24753Feb 1, 2024
    risk 0.00cvss epss 0.00

    Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an…

  • CVE-2024-23644Jan 24, 2024
    risk 0.00cvss epss 0.01

    Trillium is a composable toolkit for building internet applications with async rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in…

  • CVE-2023-30541Apr 17, 2023
    risk 0.00cvss epss 0.01

    OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with…

  • CVE-2023-30536Apr 17, 2023
    risk 0.00cvss epss 0.01

    slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will…

  • CVE-2023-29197Apr 17, 2023
    risk 0.00cvss epss 0.01

    guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the…

  • CVE-2023-24813Feb 7, 2023
    risk 0.00cvss epss 0.02

    Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of `image` tags and respects `xlink:href` even if…