Description
The product initializes critical internal variables or data stores using inputs that can be modified by untrusted actors.
Extended Description
A product system should be reluctant to trust variables that have been initialized outside of its trust boundary, especially if they are initialized by users. The variables may have been initialized incorrectly. If an attacker can initialize the variable, then they can influence what the vulnerable system will do.
CVE vulnerabilities with CWE-454 (3)
8.1
CVSS
HIGH
CVE-2026-26148
pub. 2026-03-10
7.4
CVSS
HIGH
CVE-2025-36244
pub. 2025-09-16
6.3
CVSS
MEDIUM
CVE-2026-48980
pub. 2026-06-18