CWE-176: Improper Handling of Unicode Encoding
The product does not properly handle when an input contains Unicode encoding.
Overview
CWE-176 (Improper Handling of Unicode Encoding) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
22 recorded CVEs are caused by CWE-176 (Improper Handling of Unicode Encoding), including 1 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 11 new CWE-176 CVEs have been recorded so far in 2026 (2 in 2025).
- CVE-2024-43093
  CISA KEV · High · CVSS 7.0 · EPSS 34th · 2024-11-13
- CVE-2025-71316
  SQLite sqldiff remote code execution via argument injection
  Critical · CVSS 9.8 · EPSS 19th · 2026-06-04
- CVE-2006-10002
  XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size, causing heap corruption (double free or corruption) and crashes