
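CWE-346 Origin Validation Error: vulnerability list (178)

A summary of 178 CVEs in the CWE-346 Origin Validation Error weakness class, with AI-generated analysis in Chinese.

CWE-346 is the origin validation error weakness: the product fails to properly verify that the source of data or communication is valid. Attackers typically forge the request origin or tamper with the communication context to induce the system to process malicious data, thereby bypassing security controls or performing unauthorized operations. Developers should implement strict origin validation, such as checking request headers, using digital signatures, or verifying the communication channel, so that data is known to come from a trusted and expected source.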

MITRE CWE official description
CWE-346: Origin Validation Error. The product does not properly verify that the source of data or communication is valid.
Common consequences (1)
Scope: Access Control, Other. Impact: Gain Privileges or Assume Identity, Varies by Context
An attacker can access any functionality that is inadvertently accessible to the source.
Code examples (2)
This Android application will remove a user account when it receives an intent to do so:
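// Register the receiver for the RemoveUser action.
IntentFilter filter = new IntentFilter("com.example.RemoveUser");
DeleteReceiver receiver = new DeleteReceiver();
registerReceiver(receiver, filter);

public class DeleteReceiver extends BroadcastReceiver {
    @Override
    public void onReceive(Context context, Intent intent) {
        // The sender of the intent is never checked before acting on it.
        int userID = intent.getIntExtra("userID", -1); // getIntExtra requires a default value
        destroyUserData(userID);
    }
}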
Bad · Java
These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the JavaScript within the WebView to communicate with the application:
// Android
@Override
public boolean shouldOverrideUrlLoading(WebView view, String url) {
    // Acts on the custom scheme without checking which page issued the request.
    if (url.substring(0, 14).equalsIgnoreCase("examplescheme:")) {
        if (url.substring(14, 25).equalsIgnoreCase("getUserInfo")) {
            writeDataToView(view, UserData);
            return false;
        } else {
            return true;
        }
    }
    return false; // any other URL: let the WebView load it
}
Bad · Java
// iOS
-(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType
{
    NSURL *URL = [exRequest URL];
    // Acts on the custom scheme without checking which page issued the request.
    if ([[URL scheme] isEqualToString:@"exampleScheme"])
    {
        NSString *functionString = [URL resourceSpecifier];
        if ([functionString hasPrefix:@"specialFunction"])
        {
            // Make data available back in webview.
            UIWebView *webView = [self writeDataToView:[URL query]];
        }
        return NO;
    }
    return YES;
}
Bad · Objective-C
CVE ID | Title | CVSS | Severity | Published
CVE-2026-47265 | AIOHTTP cross-origin redirect vulnerability — aiohttp | - | - | 2026-06-02
CVE-2026-45021 | Kuma security vulnerability — kuma | - | - | 2026-05-28
CVE-2025-66593 | Synology Assistant access control error vulnerability — Synology Assistant | 6.1 | Medium | 2026-05-27
CVE-2025-66592 | Synology Active Backup for Business Agent access control error vulnerability — Synology Active Backup for Business Agent | 6.1 | Medium | 2026-05-27
CVE-2025-13593 | Synology ActiveProtect Agent access control error vulnerability — ActiveProtect Agent | 6.1 | Medium | 2026-05-27
CVE-2026-44985 | Dozzle access control error vulnerability — dozzle | - | - | 2026-05-26
CVE-2026-42901 | Microsoft Entra ID access control error vulnerability — Microsoft Entra | 10.0 | Critical | 2026-05-22
CVE-2026-45207 | Trend Micro Apex One and TrendAI Vision One Endpoint Security - Standard Endpoint Protection access control error vulnerability — TrendAI Apex One | 7.8 | High | 2026-05-21
CVE-2026-45206 | Trend Micro TrendAI Vision One Endpoint Security - Standard Endpoint Protection access control error vulnerability — TrendAI Apex One | 7.8 | High | 2026-05-21
CVE-2026-34930 | Trend Micro Apex One and TrendAI Vision One Endpoint Security - Standard Endpoint Protection access control error vulnerability — TrendAI Apex One | 7.8 | High | 2026-05-21
CVE-2026-34929 | Trend Micro Apex One and TrendAI Vision One Endpoint Security - Standard Endpoint Protection access control error vulnerability — TrendAI Apex One | 7.8 | High | 2026-05-21
CVE-2026-34928 | Trend Micro Apex One and TrendAI Vision One Endpoint Security - Standard Endpoint Protection access control error vulnerability — TrendAI Apex One | 7.8 | High | 2026-05-21
CVE-2026-34927 | Trend Micro Apex One and TrendAI Vision One Endpoint Security - Standard Endpoint Protection access control error vulnerability — TrendAI Apex One | 7.8 | High | 2026-05-21
CVE-2025-71213 | Trend Micro Apex One access control error vulnerability — TrendAI Apex One | 7.8 | High | 2026-05-21
CVE-2026-2611 | MLflow access control error vulnerability — mlflow/mlflow | - | - | 2026-05-19
CVE-2026-6339 | Mattermost access control error vulnerability — Mattermost | 4.3 | Medium | 2026-05-18
CVE-2026-46728 | DENX Software Engineering Das U-Boot access control error vulnerability — U-Boot | 8.2 | High | 2026-05-16
CVE-2026-42559 | RMCP access control error vulnerability — rust-sdk | 8.8 | High | 2026-05-14
CVE-2026-44184 | Cleanuparr access control error vulnerability — Cleanuparr | 8.0 | High | 2026-05-12
CVE-2026-6508 | Tubitak Ulakbim LiderAhenk Software access control error vulnerability — Liderahenk | 9.8 | Critical | 2026-05-07
CVE-2026-43870 | Apache Thrift path traversal vulnerability — Apache Thrift | 7.5 | - | 2026-05-05
CVE-2026-7439 | AgentFlow access control error vulnerability — AgentFlow | 4.4 | Medium | 2026-04-29
CVE-2026-41398 | OpenClaw access control error vulnerability — OpenClaw | 4.6 | Medium | 2026-04-28
CVE-2026-41393 | OpenClaw access control error vulnerability — OpenClaw | 4.8 | Medium | 2026-04-28
CVE-2026-41376 | OpenClaw access control error vulnerability — OpenClaw | 5.4 | Medium | 2026-04-28
CVE-2026-41358 | OpenClaw access control error vulnerability — OpenClaw | 5.4 | Medium | 2026-04-23
CVE-2026-41342 | OpenClaw access control error vulnerability — OpenClaw | 7.3 | High | 2026-04-23
CVE-2026-41057 | WWBN AVideo access control error vulnerability — AVideo | 7.1 | High | 2026-04-21
CVE-2026-40594 | pyLoad security vulnerability — pyload | 4.8 | Medium | 2026-04-21
CVE-2026-35577 | Apollo MCP Server access control error vulnerability — apollo-mcp-server | 6.8 | Medium | 2026-04-09

CWE-346 (Origin Validation Error) is a common weakness category; this platform lists 178 CVEs associated with it.