Cwe 20

🧬 CWE Related 125
slug: cwe-20

Explanation

CWE-20は「ユーザーから受け取ったデータが、想定された形式・範囲・型かをきちんとチェックせずに使ってしまう欠陥」のことです。 非常に広い概念で、SQLi・XSS・コマンドインジェクションなど多くの攻撃の前段階となります。 「入力は信用するな (Trust Boundaries の概念)」がセキュリティ設計の基本原則です。
📌 Example
多くのCISA KEV登録CVEがこのCWEに分類されており、2024年だけで100件以上の悪用事例があります。

🔖 Related tags

🛡 Vulnerabilities tagged with this 1,695

ID Title
CVE-2026-26062 Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-26062)
CVE-2026-44425 Vulnerability in github.com/shellhub-io/shellhub (CVE-2026-44425)
CVE-2026-45055 Vulnerability in CVE-2026-45055 (CVE-2026-45055)
CVE-2026-44379 Vulnerability in misp (CVE-2026-44379)
CVE-2026-42579 Vulnerability in io.netty:netty-codec-dns (CVE-2026-42579)
CVE-2026-0238 Vulnerability in CVE-2026-0238 (CVE-2026-0238)
CVE-2026-2695 Vulnerability in CVE-2026-2695 (CVE-2026-2695)
CVE-2026-45137 Vulnerability in anchor-lang (CVE-2026-45137)
CVE-2026-8369 Vulnerability in CVE-2026-8369 (CVE-2026-8369)
CVE-2026-42544 Vulnerability in granian (CVE-2026-42544)
CVE-2026-34679 Vulnerability in adobe (CVE-2026-34679)
CVE-2026-34685 Vulnerability in adobe (CVE-2026-34685)
CVE-2026-34688 Vulnerability in adobe (CVE-2026-34688)
CVE-2026-34666 Vulnerability in adobe (CVE-2026-34666)
CVE-2026-34668 Vulnerability in adobe (CVE-2026-34668)
CVE-2026-34669 Vulnerability in adobe (CVE-2026-34669)
CVE-2026-34670 Vulnerability in adobe (CVE-2026-34670)
CVE-2026-23825 Vulnerability in arubanetworks (CVE-2026-23825)
CVE-2026-20767 Vulnerability in intel (CVE-2026-20767)
CVE-2026-44343 Vulnerability in wgdashboard (CVE-2026-44343)
CVE-2026-44204 Vulnerability in sqli (CVE-2026-44204)
CVE-2026-35433 Vulnerability in Microsoft.WindowsDesktop.App.Runtime.win-arm64 (CVE-2026-35433)
CVE-2026-32177 Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-43989 Vulnerability in CVE-2026-43989 (CVE-2026-43989)
CVE-2026-20905 Vulnerability in dos (CVE-2026-20905)
CVE-2026-20717 Vulnerability in dos (CVE-2026-20717)
CVE-2025-35990 Vulnerability in CVE-2025-35990 (CVE-2025-35990)
CVE-2026-41293 Vulnerability in tomcat (CVE-2026-41293)
CVE-2026-44294 Vulnerability in protobufjs (CVE-2026-44294)
CVE-2026-8391 Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →