CWE-142: Improper Neutralization of Value Delimiters
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as value delimiters when they are sent to a downstream component.
Last updated
Overview
As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.
Real-world CVEs
2 recorded CVEs are caused by CWE-142 (Improper Neutralization of Value Delimiters). The highest-severity and most recent are shown first. 0 new CWE-142 CVEs have been recorded so far in 2026 (2 in 2025).
Common consequences
What can happen when CWE-142 is exploited.
Unexpected State
Affects: Integrity
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.