CWE-348: Use of Less Trusted Source
The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.
Overview
CWE-348 (Use of Less Trusted Source) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
43 recorded CVEs are caused by CWE-348 (Use of Less Trusted Source). The highest-severity and most recent are shown first. 13 new CWE-348 CVEs have been recorded so far in 2026 (13 in 2025).
- CVE-2026-44183
Cleanuparr: X-Forwarded-For leftmost parsing allows remote unauthenticated admin takeover when reverse-proxy mode is enabled
Critical · CVSS 9.8 · 2026-05-12
- CVE-2025-59951
Termix' official Docker image contains an authentication bypass vulnerability
Critical · CVSS 9.2 · 2025-10-01
- CVE-2024-27773
High · CVSS 8.8 · 2024-03-18