The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

What CVEs are caused by CWE-184?

95 recorded CVEs are attributed to CWE-184, including CVE-2024-5217, CVE-2026-28363, CVE-2026-34415. 1 are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

How do you prevent CWE-184?

Do not rely exclusively on detecting disallowed inputs. There are too many variants to encode a character, especially when different environments are used, so there is a high likelihood of missing some variants. Only use detection of disallowed inputs as a mechanism for detecting suspicious activity. Ensure that you are using other protection mechanisms that only identify "good" input - such as lists of allowed inputs - and ensure that you are properly encoding your outputs.

How is CWE-184 detected?

Black Box: Exploitation of a vulnerability with commonly-used manipulations might fail, but minor variations might succeed.

What are the consequences of CWE-184?

Exploiting CWE-184 can lead to: Bypass Protection Mechanism.

Is CWE-184 actively exploited?

Yes. 1 CWE-184 vulnerabilities are in CISA's KEV catalog of actively exploited flaws, out of 95 recorded CVEs.

CWE-184: Incomplete List of Disallowed Inputs (Denylist / Deny List)

Real-world CVEs

95 recorded CVEs are caused by CWE-184 (Incomplete List of Disallowed Inputs), including 1 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 50 new CWE-184 CVEs have been recorded so far in 2026 (9 in 2025).

CVE-2024-5217
CISA KEV
Incomplete Input Validation in GlideExpression Script
Critical · CVSS 9.2 · EPSS 100th
2024-07-10
CVE-2026-28363
Critical · CVSS 9.9 · EPSS 38th
2026-02-27
CVE-2026-34415
Xerte Online Toolkits File Upload RCE via elfinder Connector
Critical · CVSS 9.8 · EPSS 48th
2026-04-22
CVE-2023-3374
Privilege Escalation in Bookreen
Critical · CVSS 9.8 · EPSS 43th
2023-09-05
CVE-2026-28783
Craft has a Twig Function Blocklist Bypass
Critical · CVSS 9.4 · EPSS 37th
2026-03-04
CVE-2023-45133
Critical · CVSS 9.4 · EPSS 40th
2023-10-12
CVE-2026-41264
Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability
Critical · CVSS 9.2 · EPSS 40th
2026-04-23
CVE-2026-43578
OpenClaw 2026.3.31 < 2026.4.10 - Privilege Escalation via Missed Async Exec Completion Events in Heartbeat Owner Downgrade
Critical · CVSS 9.1 · EPSS 20th
2026-05-06
CVE-2026-43566
OpenClaw 2026.4.7 < 2026.4.14 - Privilege Escalation via Untrusted Webhook Wake Events
Critical · CVSS 9.1 · EPSS 34th
2026-05-05
CVE-2026-34177
VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf
Critical · CVSS 9.1 · EPSS 28th
2026-04-09
CVE-2022-32763
Critical · CVSS 9.1 · EPSS 62th
2022-12-19
CVE-2026-22609
Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
High · CVSS 8.9 · EPSS 42th
2026-01-10

Showing 12 of 95 recorded CWE-184 CVEs. Track new ones as they are published and get AI-written analysis and fixes.

Monitor CWE-184 vulnerabilities

CWE-184: Incomplete List of Disallowed Inputs (Denylist / Deny List)

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following code attempts to stop XSS attacks by removing all occurences of "script" in an input string.

Vulnerable example

java

public String removeScriptTags(String input, String mask) {

Because the code only checks for the lower-case "script" string, it can be easily defeated with upper-case script tags.

This example takes user input, passes it through an encoding scheme, then lists the contents of the user's home directory based on the user name.

Vulnerable example

perl

sub GetUntrustedInput {

Attack input

plaintext

' pwd

Illustrative examples

Real CVEs that MITRE cites as examples of this weakness.

CVE-2024-6091 — Chain: AI agent platform does not restrict pathnames containing internal "/./" sequences (CWE-55), leading to an incomplete denylist (CWE-184) that does not prevent OS command injection (CWE-78)
CVE-2024-4315 — Chain: API for text generation using Large Language Models (LLMs) does not include the "\" Windows folder separator in its denylist (CWE-184) when attempting to prevent Local File Inclusion via path traversal (CWE-22), allowing deletion of arbitrary files on Windows systems.
CVE-2024-44335 — Chain: filter only checks for some shell-injection characters (CWE-184), enabling OS command injection (CWE-78)
CVE-2008-2309 — product uses a denylist to identify potentially dangerous content, allowing attacker to bypass a warning
CVE-2005-2782 — PHP remote file inclusion in web application that filters "http" and "https" URLs, but not "ftp".
CVE-2004-0542 — Programming language does not filter certain shell metacharacters in Windows environment.
CVE-2004-0595 — XSS filter doesn't filter null characters before looking for dangerous tags, which are ignored by web browsers. MIE and validate-before-cleanse.
CVE-2005-3287 — Web-based mail product doesn't restrict dangerous extensions such as ASPX on a web server, even though others are prohibited.
CVE-2004-2351 — Resultant XSS when only and are checked.
CVE-2005-2959 — Privileged program does not clear sensitive environment variables that are used by bash. Overlaps multiple interpretation error.
CVE-2005-1824 — SQL injection protection scheme does not quote the "\" special character.
CVE-2005-2184 — Detection of risky filename extensions prevents users from automatically executing .EXE files, but .LNK is accepted, allowing resultant Windows symbolic link.
CVE-2007-1343 — Product uses list of protected variables, but accidentally omits one dangerous variable, allowing external modification
CVE-2007-5727 — Chain: product only removes SCRIPT tags (CWE-184), enabling XSS (CWE-79)
CVE-2006-4308 — Chain: product only checks for use of "javascript:" tag (CWE-184), allowing XSS (CWE-79) using other tags
CVE-2007-3572 — Chain: OS command injection (CWE-78) enabled by using an unexpected character that is not explicitly disallowed (CWE-184)
CVE-2002-0661 — "\" not in list of disallowed values for web server, allowing path traversal attacks when the server is run on Windows and other OSes.

Real-world CVEs

CWE-184: Incomplete List of Disallowed Inputs

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Black Box

Code examples

Illustrative examples

Terminology & mappings

Alternate terms

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-184?

What CVEs are caused by CWE-184?

How do you prevent CWE-184?

How is CWE-184 detected?

What are the consequences of CWE-184?

Is CWE-184 actively exploited?

References

Stay ahead of CWE-184

Real-world CVEs

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Black Box

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Peer

Can precede

Related

Terminology & mappings

Alternate terms

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-184?

What CVEs are caused by CWE-184?

How do you prevent CWE-184?

How is CWE-184 detected?

What are the consequences of CWE-184?

Is CWE-184 actively exploited?

References

Stay ahead of CWE-184