CWE-1174: ASP.NET Misconfiguration: Improper Model Validation
The ASP.NET application does not use, or incorrectly uses, the model validation framework.
Last updated
Overview
CWE-1174 (ASP.NET Misconfiguration: Improper Model Validation) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
1 recorded CVEs are caused by CWE-1174 (ASP.NET Misconfiguration: Improper Model Validation). The highest-severity and most recent are shown first. 0 new CWE-1174 CVEs have been recorded so far in 2026 (1 in 2025).
Common consequences
What can happen when CWE-1174 is exploited.
Unexpected State
Affects: Integrity
Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.