CWE-176: Improper Handling of Unicode Encoding
The product does not properly handle when an input contains Unicode encoding.
Last updated
Overview
CWE-176 (Improper Handling of Unicode Encoding) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
25 recorded CVEs are caused by CWE-176 (Improper Handling of Unicode Encoding), including 1 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 14 new CWE-176 CVEs have been recorded so far in 2026 (2 in 2025).