CWE-229: Improper Handling of Values

Overview

CWE-229 (Improper Handling of Values) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

Real-world CVEs

16 recorded CVEs are caused by CWE-229 (Improper Handling of Values). The highest-severity and most recent are shown first. 4 new CWE-229 CVEs have been recorded so far in 2026 (1 in 2025).

Showing 12 of 16 recorded CWE-229 CVEs. Track new ones as they are published and get AI-written analysis and fixes.

Monitor CWE-229 vulnerabilities

Common consequences

What can happen when CWE-229 is exploited.

Unexpected State

Affects: Integrity

How it happens

When it is introduced

Typically introduced during these phases of the software lifecycle.

Implementation

How this weakness relates to others in the CWE hierarchy.

Parent

CWE-228: Improper Handling of Syntactically Invalid Structure

Child

Frequently asked questions

Common questions about CWE-229.

What is CWE-229?

The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.

What CVEs are caused by CWE-229?

16 recorded CVEs are attributed to CWE-229, including CVE-2022-4851, CVE-2025-7964, CVE-2026-45602.

What are the consequences of CWE-229?

Exploiting CWE-229 can lead to: Unexpected State.

Is CWE-229 actively exploited?

16 recorded CVEs are caused by CWE-229; none are currently in CISA's KEV catalog of actively exploited flaws.

References

Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.