CWE-1426: Improper Validation of Generative AI Output
The product invokes a generative AI/ML component whose behaviors and outputs cannot be directly controlled, but the product does not validate or insufficiently validates the outputs to ensure that they align with the intended security, content, or privacy policy.
Last updated
Overview
CWE-1426 (Improper Validation of Generative AI Output) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
2 recorded CVEs are caused by CWE-1426 (Improper Validation of Generative AI Output). The highest-severity and most recent are shown first. 0 new CWE-1426 CVEs have been recorded so far in 2026 (2 in 2025).
Common consequences
What can happen when CWE-1426 is exploited.
Execute Unauthorized Code or Commands, Varies by Context
Affects: Integrity
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Technologies
How to prevent it
Practical mitigations for CWE-1426, grouped by where in the lifecycle they apply.
Since the output from a generative AI component (such as an LLM) cannot be trusted, ensure that it operates in an untrusted or non-privileged space.
Use "semantic comparators," which are mechanisms that provide semantic comparison to identify objects that might appear different but are semantically similar.
Use components that operate externally to the system to monitor the output and act as a moderator. These components are called different terms, such as supervisors or guardrails.
During model training, use an appropriate variety of good and bad examples to guide preferred outputs.
How to detect it
Dynamic Analysis with Manual Results Interpretation
Use known techniques for prompt injection and other attacks, and adjust the attacks to be more specific to the model or system.
Dynamic Analysis with Automated Results Interpretation
Use known techniques for prompt injection and other attacks, and adjust the attacks to be more specific to the model or system.
Architecture or Design Review
Review of the product design can be effective, but it works best in conjunction with dynamic analysis.
Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2024-3402 — chain: GUI for ChatGPT API performs input validation but does not properly "sanitize" or validate model output data (CWE-1426), leading to XSS (CWE-79).
Frequently asked questions
Common questions about CWE-1426.
- What is CWE-1426?
- The product invokes a generative AI/ML component whose behaviors and outputs cannot be directly controlled, but the product does not validate or insufficiently validates the outputs to ensure that they align with the intended security, content, or privacy policy.
- What CVEs are caused by CWE-1426?
- 2 recorded CVEs are attributed to CWE-1426, including CVE-2025-31363, CVE-2025-55074.
- How do you prevent CWE-1426?
- Since the output from a generative AI component (such as an LLM) cannot be trusted, ensure that it operates in an untrusted or non-privileged space.
- How is CWE-1426 detected?
- Dynamic Analysis with Manual Results Interpretation: Use known techniques for prompt injection and other attacks, and adjust the attacks to be more specific to the model or system.
- What are the consequences of CWE-1426?
- Exploiting CWE-1426 can lead to: Execute Unauthorized Code or Commands, Varies by Context.
- Is CWE-1426 actively exploited?
- 2 recorded CVEs are caused by CWE-1426; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-1426) (opens in a new tab)
- CWE-1426 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1426
Get alerted the moment a new CWE-1426 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.