CWE-1426 Vulnerability List (3)

Summary of the 3 CVE vulnerabilities in weakness class CWE-1426, with AI-generated analysis in Chinese.

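CWE-1426 refers to improper validation of generative AI output. Because AI behavior cannot be controlled, if a system does not adequately validate output against its security, content, or privacy policies, an attacker can exploit this flaw to inject malicious content or leak sensitive data. Developers should establish strict output filtering and validation mechanisms to ensure that AI responses comply with the expected policies, thereby effectively guarding against this class of risk.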

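MITRE CWE official description
CWE: CWE-1426 Improper Validation of Generative AI Output
English: The product invokes a generative AI/ML component whose behaviors and outputs cannot be directly controlled, but the product does not validate or insufficiently validates the outputs to ensure that they align with the intended security, content, or privacy policy.
Common consequences (1)
Integrity: Execute Unauthorized Code or Commands, Varies by Context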
In an agent-oriented setting, output could be used to cause unpredictable agent invocation, i.e., to control or influence agents that might be invoked from the output. The impact varies depending on the access that is granted to the tools, such as creating a database or wri…
Mitigations (4)
Architecture and Design: Since the output from a generative AI component (such as an LLM) cannot be trusted, ensure that it operates in an untrusted or non-privileged space.
Operation: Use "semantic comparators," which are mechanisms that provide semantic comparison to identify objects that might appear different but are semantically similar.
Operation: Use components that operate externally to the system to monitor the output and act as a moderator. These components are called different terms, such as supervisors or guardrails.
Build and Compilation: During model training, use an appropriate variety of good and bad examples to guide preferred outputs.
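| CVE ID | Title | CVSS | Risk level | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-55074 | Mattermost security vulnerability — Mattermost | 3.0 | Low | 2025-11-18 |
| CVE-2025-62453 | Microsoft GitHub Copilot and Visual Studio Code security vulnerability — Visual Studio Code | 5.0 | Medium | 2025-11-11 |
| CVE-2025-31363 | Mattermost security vulnerability — Mattermost | 3.0 | Low | 2025-04-16 |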

CWE-1426 is a common weakness category; this platform lists 3 CVE vulnerabilities associated with it.