threatengine.sh
Origin Validation Error
CWE-346 · Class · Draft
The product does not properly verify that the source of data or communication is valid.
Weakness Relationships
Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOf · CWE-284 · Improper Access Control
ChildOf · CWE-345 · Insufficient Verification of Data Authenticity
Children (more specific)
ParentOf · CWE-1385 · Missing Origin Validation in WebSockets
ParentOf · CWE-940 · Improper Verification of Source of a Communication Channel
Attack Patterns (CAPEC) · 16
How adversaries exploit this weakness, per MITRE CAPEC.
CAPEC-111 · JSON Hijacking (aka JavaScript Hijacking)
CAPEC-141 · Cache Poisoning
CAPEC-142 · DNS Cache Poisoning
CAPEC-160 · Exploit Script-Based APIs
CAPEC-21 · Exploitation of Trusted Identifiers
CAPEC-384 · Application API Message Manipulation via Man-in-the-Middle
CAPEC-385 · Transaction or Event Tampering via Application API Manipulation
CAPEC-386 · Application API Navigation Remapping
CAPEC-387 · Navigation Remapping To Propagate Malicious Content
CAPEC-388 · Application API Button Hijacking
CAPEC-510 · SaaS User Request Forgery
CAPEC-59 · Session Credential Falsification through Prediction
CAPEC-60 · Reusing Session IDs (aka Session Replay)
CAPEC-75 · Manipulating Writeable Configuration Files
CAPEC-76 · Manipulating Web Input to File System Calls
CAPEC-89 · Pharming
CVEs With This Weakness · 556
A sample of the 556 CVEs tagged with this weakness.
CVE-2026-7986
CVE-2026-7979
CVE-2026-7643
CVE-2026-7581
CVE-2026-7439
CVE-2026-6903
CVE-2026-6662
CVE-2026-6508
CVE-2026-6339
CVE-2026-6143
CVE-2026-5918
CVE-2026-5899
Nuclei Scanner Templates · 2
Open-source Nuclei templates that detect this weakness class - an actionable scan-for-it pivot. Licensed under the ProjectDiscovery / Nuclei terms.
high · Microsoft SharePoint - Remote Code Execution
unknown · postMessage - Cross-Site Scripting