threat
engine
.sh
Back
·
··:··
Home
/
CWE
/
Encoding Error
Weakness
Encoding Error
CWE-172 · Class · Draft
The product does not properly encode or decode the data, resulting in unexpected values.
△
Weakness Relationships
Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOf
CWE-707 · Improper Neutralization
Children (more specific)
ParentOf
CWE-173 · Improper Handling of Alternate Encoding
ParentOf
CWE-174 · Double Decoding of the Same Data
ParentOf
CWE-175 · Improper Handling of Mixed Encoding
ParentOf
CWE-176 · Improper Handling of Unicode Encoding
ParentOf
CWE-177 · Improper Handling of URL Encoding (Hex Encoding)
Related
CanPrecede
CWE-22 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CanPrecede
CWE-41 · Improper Resolution of Path Equivalence
◆
Attack Patterns (CAPEC)
10
How adversaries exploit this weakness, per MITRE CAPEC.
CAPEC-120
Double Encoding
CAPEC-267
Leverage Alternate Encoding
CAPEC-3
Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-52
Embedding NULL Bytes
CAPEC-53
Postfix, Null Terminate, and Backslash
CAPEC-64
Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-71
Using Unicode Encoding to Bypass Validation Logic
CAPEC-72
URL Encoding
CAPEC-78
Using Escaped Slashes in Alternate Encoding
CAPEC-80
Using UTF-8 Encoding to Bypass Validation Logic
⚠
CVEs With This Weakness
16
A sample of the 16 CVEs tagged with this weakness.
CVE
CVE-2026-42926
CVE
CVE-2025-27110
CVE
CVE-2025-12758
CVE
CVE-2024-48909
CVE
CVE-2021-33604
CVE
CVE-2019-12677
CVE
CVE-2019-10160
CVE
CVE-2019-10153
CVE
CVE-2018-7289
CVE
CVE-2018-7173
CVE
CVE-2018-3777
CVE
CVE-2018-2415
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin