CVEbaza.plCWE DictionaryCWE-454
Common Weakness Enumeration

CWE-454

External Initialization of Trusted Variables or Data Stores

Category: BaseCVE: 3
Description

The product initializes critical internal variables or data stores using inputs that can be modified by untrusted actors.

Extended Description

A product system should be reluctant to trust variables that have been initialized outside of its trust boundary, especially if they are initialized by users. The variables may have been initialized incorrectly. If an attacker can initialize the variable, then they can influence what the vulnerable system will do.

CVE vulnerabilities with CWE-454 (3)
8.1
CVSS
HIGH
CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.

pub. 2026-03-10
7.4
CVSS
HIGH
CVE-2025-36244

IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.

pub. 2025-09-16
6.3
CVSS
MEDIUM
CVE-2026-48980

pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv() environment variables XRDP_SESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environment variables influence whether a current session is local or remote, and a PAM module that runs in the context of setuid binaries (sudo, su), getenv() returns attacker-controlled values whenever the process environment has been manipulated by a local user. This issue has been fixed in version 0.9.2.

pub. 2026-06-18
Information
ID: CWE-454
Type: Base
Vulnerabilities: 3
MITRE CWE ↗
← CWE Dictionary
CWE-454 — External Initialization of Trusted Variables or Data Stores | CWE Dictionary | CVEbaza.pl