CWE-145: Improper Neutralization of Section Delimiters
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as section delimiters when they are sent to a downstream component.
Last updated
Overview
As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions. One example of a section delimiter is the boundary string in a multipart MIME message. In many cases, doubled line delimiters can serve as a section delimiter.
Real-world CVEs
1 recorded CVEs are caused by CWE-145 (Improper Neutralization of Section Delimiters). The highest-severity and most recent are shown first. 1 new CWE-145 CVE has been recorded so far in 2026.
Common consequences
What can happen when CWE-145 is exploited.
Unexpected State
Affects: Integrity
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.