What are the consequences of CWE-793?

Exploiting CWE-793 can lead to: Unexpected State.

Variant weakness

Incomplete

CWE-793: Only Filtering One Instance of a Special Element

The product receives data from an upstream component, but only filters a single instance of a special element before sending it to a downstream component.

Last updated May 1, 2026

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

Incomplete filtering of this nature may be location-dependent, as in only the first or last element is filtered.

Common consequences

What can happen when CWE-793 is exploited.

Unexpected State

Affects: Integrity

How it happens

When it is introduced

Typically introduced during these phases of the software lifecycle.

Implementation

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.

Vulnerable example

perl

my $Username = GetUntrustedInput();

Attack input

plaintext

../../../etc/passwd

Resulting query

plaintext

../../etc/passwd

Resulting query

plaintext

/home/user/../../etc/passwd

CWE-793: Only Filtering One Instance of a Special Element

Overview

Common consequences

How it happens

When it is introduced

Code examples

Parent

Frequently asked questions

What is CWE-793?

What are the consequences of CWE-793?

References

Stay ahead of CWE-793

Related weaknesses

Overview

Common consequences

How it happens

When it is introduced

Code examples

Related weaknesses

Parent

Frequently asked questions

What is CWE-793?

What are the consequences of CWE-793?

References

Stay ahead of CWE-793