The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.

What CVEs are caused by CWE-791?

21 recorded CVEs are attributed to CWE-791, including CVE-2025-0324, CVE-2024-47590, CVE-2026-44232.

What are the consequences of CWE-791?

Exploiting CWE-791 can lead to: Unexpected State.

Is CWE-791 actively exploited?

21 recorded CVEs are caused by CWE-791; none are currently in CISA's KEV catalog of actively exploited flaws.

CWE-791: Incomplete Filtering of Special Elements

Last updated May 1, 2026

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.

Vulnerable example

perl

my $Username = GetUntrustedInput();

Attack input

plaintext

../../../etc/passwd

Resulting query

plaintext

../../etc/passwd

Resulting query

plaintext

/home/user/../../etc/passwd

CWE-791: Incomplete Filtering of Special Elements

CWE-791: Incomplete Filtering of Special Elements

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Code examples

Frequently asked questions

What is CWE-791?

What CVEs are caused by CWE-791?

What are the consequences of CWE-791?

Is CWE-791 actively exploited?

References

Stay ahead of CWE-791

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Code examples

Related weaknesses

Parent

Child

Frequently asked questions

What is CWE-791?

What CVEs are caused by CWE-791?

What are the consequences of CWE-791?

Is CWE-791 actively exploited?

References

Stay ahead of CWE-791