Base weakness

Incomplete

CWE-437: Incomplete Model of Endpoint Features

A product acts as an intermediary or monitor between two or more endpoints, but it does not have a complete model of an endpoint's features, behaviors, or state, potentially causing the product to perform incorrect actions based on this incomplete model.

Last updated May 1, 2026

4

Recorded CVEs

With this primary weakness

0

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

CWE-437 (Incomplete Model of Endpoint Features) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

Real-world CVEs

4 recorded CVEs are caused by CWE-437 (Incomplete Model of Endpoint Features). The highest-severity and most recent are shown first. 0 new CWE-437 CVEs have been recorded so far in 2026 (2 in 2025).

CVE-2016-8365

Unscored · EPSS 29th

2018-04-03

Common consequences

What can happen when CWE-437 is exploited.

Unexpected State, Varies by Context

Affects: Integrity, Other

How it happens

When it is introduced

Typically introduced during these phases of the software lifecycle.

Architecture and Design

Implementation

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

HTTP request smuggling is an attack against an intermediary such as a proxy. This attack works because the proxy expects the client to parse HTTP headers one way, but the client parses them differently.

Anti-virus products that reside on mail servers can suffer from this issue if they do not know how a mail client will handle a particular attachment. The product might treat an attachment type as safe, not knowing that the client's configuration treats it as executable.

Illustrative examples

Real CVEs that MITRE cites as examples of this weakness.

CVE-2024-55629 — network-based IDS does not model how TCP endpoints handle TCP urgent data, allowing attackers to bypass detection

Terminology & mappings

Mapped taxonomies

PLOVER: Extra Unhandled Features

Frequently asked questions

Common questions about CWE-437.

What is CWE-437?

A product acts as an intermediary or monitor between two or more endpoints, but it does not have a complete model of an endpoint's features, behaviors, or state, potentially causing the product to perform incorrect actions based on this incomplete model.

What CVEs are caused by CWE-437?

4 recorded CVEs are attributed to CWE-437, including CVE-2024-57176, CVE-2024-55629, CVE-2023-20084.

What are the consequences of CWE-437?

Exploiting CWE-437 can lead to: Unexpected State, Varies by Context.

Is CWE-437 actively exploited?

4 recorded CVEs are caused by CWE-437; none are currently in CISA's KEV catalog of actively exploited flaws.

References

Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.

Stay ahead of CWE-437

Get alerted the moment a new CWE-437 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.

Start free See pricing