CWE-791: Incomplete Filtering of Special Elements
The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.
The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.
Last updated
CWE-791 (Incomplete Filtering of Special Elements) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
22 recorded CVEs are caused by CWE-791 (Incomplete Filtering of Special Elements). The highest-severity and most recent are shown first. 8 new CWE-791 CVEs have been recorded so far in 2026 (5 in 2025).
dssrf: every IPv6 category bypasses is_url_safe
AngularJS XSS via SCE resource URL sanitization bypass
pf can overflow the stack parsing crafted SCTP packets
Denial-of-Service via SVG Rendering in Ticket
Showing 12 of 22 recorded CWE-791 CVEs. Track new ones as they are published and get AI-written analysis and fixes.
Monitor CWE-791 vulnerabilitiesWhat can happen when CWE-791 is exploited.
Unexpected State
Affects: Integrity
Typically introduced during these phases of the software lifecycle.
Illustrative examples from MITRE showing how the weakness appears in code.
The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.
Vulnerable example
my $Username = GetUntrustedInput();Attack input
../../../etc/passwdResulting query
../../etc/passwdResulting query
/home/user/../../etc/passwdCommon questions about CWE-791.
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Get alerted the moment a new CWE-791 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.