CWE-156: Improper Neutralization of Whitespace
Also known as: White space
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as whitespace when they are sent to a downstream component.
Last updated
Overview
This can include space, tab, etc.
Real-world CVEs
5 recorded CVEs are caused by CWE-156 (Improper Neutralization of Whitespace). The highest-severity and most recent are shown first. 0 new CWE-156 CVEs have been recorded so far in 2026 (5 in 2025).
- CVE-2025-6013
Vault LDAP MFA Enforcement Bypass When Using Username As Alias
High · CVSS 8.1 · EPSS 40th2025-08-06 - CVE-2025-55001
OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias
Medium · CVSS 6.5 · EPSS 13th2025-08-09 - CVE-2025-55000
OpenBao TOTP Secrets Engine Enables Code Reuse
Medium · CVSS 6.5 · EPSS 11th2025-08-09