CWE-345: Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Last updated
Overview
CWE-345 (Insufficient Verification of Data Authenticity) is a class-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
331 recorded CVEs are caused by CWE-345 (Insufficient Verification of Data Authenticity), including 1 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 99 new CWE-345 CVEs have been recorded so far in 2026 (48 in 2025).
- CVE-2022-26871CISA KEVCritical · CVSS 9.3 · EPSS 97th2022-03-29
- CVE-2026-47691
Netty has Insufficient Bailiwick Validation for NS Records
Critical · CVSS 10.0 · EPSS 21th2026-06-12 - CVE-2026-45674
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
Critical · CVSS 10.0 · EPSS 13th2026-06-12 - CVE-2025-66570
cpp-httplib Untrusted HTTP Header Handling: Internal Header Shadowing (REMOTE*/LOCAL*)
Critical · CVSS 10.0 · EPSS 23th2025-12-05 - CVE-2022-3703Critical · CVSS 10.0 · EPSS 21th2022-11-10
- CVE-2026-48781
Postiz has cross-tenant SUPERADMIN takeover via Skool-provider JWT forgery
Critical · CVSS 9.9 · EPSS 11th2026-06-16 - CVE-2025-66255
Unauthenticated Arbitrary File Upload (upgrade_contents.php)
Critical · CVSS 9.9 · EPSS 26th2025-11-26 - CVE-2025-15385Critical · CVSS 9.8 · EPSS 10th2026-01-06
- CVE-2025-8038
CSP frame-src was not correctly enforced for paths
Critical · CVSS 9.8 · EPSS 13th2025-07-22 - CVE-2025-49199
Backup files can be modified and uploaded
Critical · CVSS 9.8 · EPSS 21th2025-06-12 - CVE-2024-11666Critical · CVSS 9.8 · EPSS 34th2024-11-24
- CVE-2024-45410Critical · CVSS 9.8 · EPSS 72th2024-09-19
Showing 12 of 331 recorded CWE-345 CVEs. Track new ones as they are published and get AI-written analysis and fixes.
Monitor CWE-345 vulnerabilitiesCommon consequences
What can happen when CWE-345 is exploited.
Varies by Context, Unexpected State
Affects: Integrity, Other
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Technologies
How to detect it
Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Effectiveness: High
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these products were often used in industries such as power, electrical, water, and others, there could even be safety implications.
Multiple vendors did not sign firmware images.
Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2022-30260 — Distributed Control System (DCS) does not sign firmware images and only relies on insecure checksums for integrity checks
- CVE-2022-30267 — Distributed Control System (DCS) does not sign firmware images and only relies on insecure checksums for integrity checks
- CVE-2022-30272 — Remote Terminal Unit (RTU) does not use signatures for firmware images and relies on insecure checksums
Terminology & mappings
Mapped taxonomies
- PLOVER: Insufficient Verification of Data
- OWASP Top Ten 2004: Broken Authentication and Session Management (A3) — CWE More Specific fit
- WASC: Content Spoofing (12)
Attack patterns
CAPEC attack patterns that exploit this weakness.
- CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)
- CAPEC-141: Cache Poisoning
- CAPEC-142: DNS Cache Poisoning
- CAPEC-148: Content Spoofing
- CAPEC-218: Spoofing of UDDI/ebXML Messages
- CAPEC-384: Application API Message Manipulation via Man-in-the-Middle
- CAPEC-385: Transaction or Event Tampering via Application API Manipulation
- CAPEC-386: Application API Navigation Remapping
- CAPEC-387: Navigation Remapping To Propagate Malicious Content
- CAPEC-388: Application API Button Hijacking
- CAPEC-665: Exploitation of Thunderbolt Protection Flaws
- CAPEC-701: Browser in the Middle (BiTM)
Frequently asked questions
Common questions about CWE-345.
- What is CWE-345?
- The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
- What CVEs are caused by CWE-345?
- 331 recorded CVEs are attributed to CWE-345, including CVE-2022-26871, CVE-2026-47691, CVE-2026-45674. 1 are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Is CWE-345 part of the OWASP Top 10?
- CWE-345 maps to OWASP Top Ten 2004: Broken Authentication and Session Management (A3) in the OWASP security taxonomy.
- How is CWE-345 detected?
- Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
- What are the consequences of CWE-345?
- Exploiting CWE-345 can lead to: Varies by Context, Unexpected State.
- Is CWE-345 actively exploited?
- Yes. 1 CWE-345 vulnerabilities are in CISA's KEV catalog of actively exploited flaws, out of 331 recorded CVEs.
References
- MITRE CWE definition (CWE-345) (opens in a new tab)
- CWE-345 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-345
Get alerted the moment a new CWE-345 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.