Log inLog in

Base weakness

Incomplete

CWE-115: Misinterpretation of Input

The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.

Last updated May 1, 2026

25

Recorded CVEs

With this primary weakness

0

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

CWE-115 (Misinterpretation of Input) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

Real-world CVEs

25 recorded CVEs are caused by CWE-115 (Misinterpretation of Input). The highest-severity and most recent are shown first. 0 new CWE-115 CVEs have been recorded so far in 2026 (8 in 2025).

CVE-2022-3224

Critical · CVSS 9.4 · EPSS 57th

2022-09-15

CVE-2021-1587

High · CVSS 8.6 · EPSS 69th

2021-08-25

CVE-2023-0880

High · CVSS 8.3 · EPSS 60th

2023-02-17

CVE-2025-5747

WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability

High · CVSS 8.0 · EPSS 53th

2025-06-06

CVE-2025-32908

Libsoup: denial of service on libsoup through http/2 server

High · CVSS 7.5 · EPSS 32th

2025-04-14

CVE-2024-11169

High · CVSS 7.5 · EPSS 76th

2025-03-20

CVE-2021-0207

High · CVSS 7.5 · EPSS 61th

2021-01-15

CVE-2022-20915

Cisco IOS XE Software IPv6 VPN over MPLS Denial of Service Vulnerability

High · CVSS 7.4 · EPSS 29th

2022-10-10

CVE-2025-54584

GitProxy is vulnerable to a packfile parsing exploit

High · CVSS 7.0 · EPSS 46th

2025-07-30

Showing 12 of 25 recorded CWE-115 CVEs. Track new ones as they are published and get AI-written analysis and fixes.

Monitor CWE-115 vulnerabilities

Common consequences

What can happen when CWE-115 is exploited.

Unexpected State

Affects: Integrity

How it happens

When it is introduced

Typically introduced during these phases of the software lifecycle.

Architecture and Design

Implementation

How to detect it

Fuzzing

Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.

Effectiveness: High

Illustrative examples

Real CVEs that MITRE cites as examples of this weakness.

CVE-2005-2225 — Product sees dangerous file extension in free text of a group discussion, disconnects all users.
CVE-2001-0003 — Product does not correctly import and process security settings from another product.

Terminology & mappings

Mapped taxonomies

PLOVER: Misinterpretation Error

Frequently asked questions

Common questions about CWE-115.

What is CWE-115?

The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.

What CVEs are caused by CWE-115?

25 recorded CVEs are attributed to CWE-115, including CVE-2020-29509, CVE-2020-29511, CVE-2020-29510.

How is CWE-115 detected?

Fuzzing: Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.

What are the consequences of CWE-115?

Exploiting CWE-115 can lead to: Unexpected State.

Is CWE-115 actively exploited?

25 recorded CVEs are caused by CWE-115; none are currently in CISA's KEV catalog of actively exploited flaws.

References

Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.

Stay ahead of CWE-115

Get alerted the moment a new CWE-115 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.

Start free See pricing