CWE-1426: Improper Validation of Generative AI Output
The product invokes a generative AI/ML component whose behaviors and outputs cannot be directly controlled, but the product does not validate or insufficiently validates the outputs to ensure that they align with the intended security, content, or privacy policy.
Last updated
Overview
CWE-1426 (Improper Validation of Generative AI Output) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
2 recorded CVEs are caused by CWE-1426 (Improper Validation of Generative AI Output). The highest-severity and most recent are shown first. 0 new CWE-1426 CVEs have been recorded so far in 2026 (2 in 2025).
Common consequences
What can happen when CWE-1426 is exploited.
Execute Unauthorized Code or Commands, Varies by Context
Affects: Integrity