CWE-351: Insufficient Type Distinction
The product does not properly distinguish between different types of elements in a way that leads to insecure behavior.
Last updated
Overview
CWE-351 (Insufficient Type Distinction) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
14 recorded CVEs are caused by CWE-351 (Insufficient Type Distinction), including 1 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 2 new CWE-351 CVEs have been recorded so far in 2026 (6 in 2025).
- CVE-2023-38831CISA KEVHigh · CVSS 8.4 · EPSS 100th2023-08-23
- CVE-2025-30510
Growatt Cloud portal Insufficient Type Distinction
Critical · CVSS 9.3 · EPSS 15th2025-04-15 - CVE-2025-54413
skops' MethodNode can access unexpected object fields through dot notation, leading to arbitrary code execution at load time