CWE-790: Improper Filtering of Special Elements
The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.
The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.
Last updated
CWE-790 (Improper Filtering of Special Elements) is a class-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
12 recorded CVEs are caused by CWE-790 (Improper Filtering of Special Elements). The highest-severity and most recent are shown first. 3 new CWE-790 CVEs have been recorded so far in 2026 (1 in 2025).
Backend Access Due to Insufficient Input Validation
Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths
Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability
Enterprise Protection Backslash URL Rewrite Bypass
Stored XSS in process management
What can happen when CWE-790 is exploited.
Unexpected State
Affects: Integrity
Typically introduced during these phases of the software lifecycle.
Illustrative examples from MITRE showing how the weakness appears in code.
The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.
Vulnerable example
my $Username = GetUntrustedInput();Attack input
../../../etc/passwdResulting query
../../etc/passwdResulting query
/home/user/../../etc/passwdCommon questions about CWE-790.
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Get alerted the moment a new CWE-790 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.