- What is CWE-114?
- Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.
- What CVEs are caused by CWE-114?
- 24 recorded CVEs are attributed to CWE-114, including CVE-2022-23748, CVE-2025-36250, CVE-2024-56346. 1 are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- How do you prevent CWE-114?
- Libraries that are loaded should be well understood and come from a trusted source. The application can execute code contained in the native libraries, which often contain calls that are susceptible to other security problems, such as buffer overflows or command injection. All native libraries should be validated to determine if the application requires the use of the library. It is very difficult to determine what these native libraries actually do, and the potential for malicious code is high. In addition, the potential for an inadvertent mistake in these native libraries is also high, as many are written in C or C++ and may be susceptible to buffer overflow or race condition problems. To help prevent buffer overflow attacks, validate all input to native calls for content and length. If the native library does not come from a trusted source, review the source code of the library. The library should be built from the reviewed source before using it.
- How is CWE-114 detected?
- Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
- What are the consequences of CWE-114?
- Exploiting CWE-114 can lead to: Execute Unauthorized Code or Commands.
- Is CWE-114 actively exploited?
- Yes. 1 CWE-114 vulnerabilities are in CISA's KEV catalog of actively exploited flaws, out of 24 recorded CVEs.