CWE-1288: Improper Validation of Consistency within Input
The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.
Last updated
Overview
Some input data can be structured with multiple elements or fields that must be consistent with each other, e.g. a number-of-items field that is followed by the expected number of elements. When such complex inputs are inconsistent, attackers could trigger unexpected errors, cause incorrect actions to take place, or exploit latent vulnerabilities.
Real-world CVEs
24 recorded CVEs are caused by CWE-1288 (Improper Validation of Consistency within Input). The highest-severity and most recent are shown first. 7 new CWE-1288 CVEs have been recorded so far in 2026 (5 in 2025).
- CVE-2026-31709
smb: client: validate the whole DACL before rewriting it in cifsacl
Critical · CVSS 9.3 · EPSS 17th2026-05-01 - CVE-2024-39515High · CVSS 8.7 · EPSS 37th2024-10-09
- CVE-2024-25951High · CVSS 8.0 · EPSS 53th2024-03-09
- CVE-2026-42982
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
High · CVSS 7.8 · EPSS 20th2026-07-14 - CVE-2026-46117
RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()
High · CVSS 7.8 · EPSS 3th2026-05-28 - CVE-2024-27371High · CVSS 7.8 · EPSS 10th2024-06-05
- CVE-2024-27375High · CVSS 7.8 · EPSS 10th2024-06-05
- CVE-2022-50976
Innomic VibroLine Configurator and avibia Configurator allow unintended device reset via USB
High · CVSS 7.7 · EPSS 4th2026-02-02 - CVE-2025-9999
Improper validation of payload elements
High · CVSS 7.6 · EPSS 5th2025-09-05 - CVE-2021-41531High · CVSS 7.5 · EPSS 57th2021-09-21
- CVE-2024-31136High · CVSS 7.4 · EPSS 42th2024-03-28
- CVE-2025-46722
vLLM has a Weakness in MultiModalHasher Image Hashing Implementation
High · CVSS 7.3 · EPSS 18th2025-05-29
Showing 12 of 24 recorded CWE-1288 CVEs. Track new ones as they are published and get AI-written analysis and fixes.
Monitor CWE-1288 vulnerabilitiesCommon consequences
What can happen when CWE-1288 is exploited.
Varies by Context
Affects: Other
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
How to prevent it
Practical mitigations for CWE-1288, grouped by where in the lifecycle they apply.
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Effectiveness: High
Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2018-16733 — product does not validate that the start block appears before the end block
- CVE-2006-3790 — size field that is inconsistent with packet size leads to buffer over-read
- CVE-2008-4114 — system crash with offset value that is inconsistent with packet size
Frequently asked questions
Common questions about CWE-1288.
- What is CWE-1288?
- The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.
- What CVEs are caused by CWE-1288?
- 24 recorded CVEs are attributed to CWE-1288, including CVE-2026-31709, CVE-2024-39515, CVE-2024-25951.
- How do you prevent CWE-1288?
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- What are the consequences of CWE-1288?
- Exploiting CWE-1288 can lead to: Varies by Context.
- Is CWE-1288 actively exploited?
- 24 recorded CVEs are caused by CWE-1288; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-1288) (opens in a new tab)
- CWE-1288 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1288
Get alerted the moment a new CWE-1288 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.