Log inLog in

This weakness has been marked Deprecated by MITRE. It is kept here for reference; see the related weaknesses below for current alternatives.

Base weakness

Deprecated

CWE-92: DEPRECATED: Improper Sanitization of Custom Special Characters

This entry has been deprecated. It originally came from PLOVER, which sometimes defined "other" and "miscellaneous" categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.

Last updated May 1, 2026

34

Recorded CVEs

With this primary weakness

0

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

CWE-92 (DEPRECATED: Improper Sanitization of Custom Special Characters) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

Real-world CVEs

34 recorded CVEs are caused by CWE-92 (DEPRECATED: Improper Sanitization of Custom Special Characters). The highest-severity and most recent are shown first.

CVE-2023-42429

High · CVSS 7.5 · EPSS 5th

2024-01-19

CVE-2022-29510

High · CVSS 7.5 · EPSS 9th

2023-11-14

CVE-2022-36372

High · CVSS 7.5 · EPSS 6th

2023-08-11

CVE-2022-43507

High · CVSS 7.5 · EPSS 44th

2023-05-10

CVE-2023-27504

High · CVSS 7.2 · EPSS 9th

2024-05-16

CVE-2024-34170

Medium · CVSS 6.9 · EPSS 8th

2024-11-13

CVE-2023-38655

Medium · CVSS 6.9 · EPSS 39th

2024-08-14

CVE-2023-43753

Medium · CVSS 6.8 · EPSS 5th

2024-09-16

CVE-2024-24580

Medium · CVSS 6.8 · EPSS 6th

2024-08-14

Showing 12 of 34 recorded CWE-92 CVEs. Track new ones as they are published and get AI-written analysis and fixes.

Monitor CWE-92 vulnerabilities

Frequently asked questions

Common questions about CWE-92.

What is CWE-92?

This entry has been deprecated. It originally came from PLOVER, which sometimes defined "other" and "miscellaneous" categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.

What CVEs are caused by CWE-92?

34 recorded CVEs are attributed to CWE-92, including CVE-2024-23918, CVE-2023-25545, CVE-2022-29262.

Is CWE-92 actively exploited?

34 recorded CVEs are caused by CWE-92; none are currently in CISA's KEV catalog of actively exploited flaws.

References

Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.

Stay ahead of CWE-92

Get alerted the moment a new CWE-92 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.

Start free See pricing