CWE-348: Use of Less Trusted Source
The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.
Last updated
Overview
CWE-348 (Use of Less Trusted Source) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
54 recorded CVEs are caused by CWE-348 (Use of Less Trusted Source). The highest-severity and most recent are shown first. 24 new CWE-348 CVEs have been recorded so far in 2026 (13 in 2025).
- CVE-2026-48772
ProxySQL: PROXY-Protocol-v1 UNKNOWN parses spoofed source IP, bypassing mysql_query_rules.client_addr ACL
Critical · CVSS 10.0 · EPSS 8th2026-06-19 - CVE-2026-44183
Cleanuparr: X-Forwarded-For leftmost parsing allows remote unauthenticated admin takeover when reverse-proxy mode is enabled
Critical · CVSS 9.8 · EPSS 13th2026-05-12 - CVE-2022-31813Critical · CVSS 9.8 · EPSS 86th2022-06-08