CWE · MITRE source

CWE-1385: Missing Origin Validation in WebSockets

Abstraction: Variant · CVEs in our corpus: 30

The product uses a WebSocket, but it does not properly verify that the source of data or communication is valid.

WebSockets provide bi-directional, low-latency (near real-time) communication between a client and a server. They differ from HTTP in that connections are long-lived: the channel stays open until either side closes it, and either side may send a message at any time, whereas in HTTP the transaction completes once the response is sent (which typically happens immediately). A WebSocket is established through an HTTP Upgrade handshake, commonly on ports 80 and 443, but the protocol that follows is not HTTP. Browsers allow a page from any origin to open a WebSocket to any server: the Same Origin Policy (SOP) and Cross-Origin Resource Sharing (CORS) do not restrict the handshake, and the browser attaches the user's cookies to it (subject to their SameSite attribute). The browser does send an Origin header on the handshake that page script cannot forge, so the server can refuse handshakes from origins it does not trust. If it does not, a third-party page loaded in the victim's browser can open an authenticated channel that it can both write to and read from (cross-site WebSocket hijacking); this is why missing origin validation makes CSRF-style attacks more powerful than ordinary CSRF, where the attacker cannot read the response.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: full · 2 mapping(s) from 2 framework(s): ASVS 5.0 1 (full) · ATT&CK 1 (partial)

NIST 800-53 r5 controls that address this weakness (0)

No NIST controls proposed yet.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE                  Risk  CVSS  EPSS    Published
CVE-2024-23168       7.0   9.8   0.0041  2024-08-15
CVE-2024-48849       7.0   9.4   0.0089  2025-01-29
CVE-2025-24964       7.0   9.6   0.0067  2025-02-04
CVE-2026-44211 UPD   7.0   9.6   0.0018  2026-06-01
CVE-2023-0957        5.5   8.2   0.0042  2023-03-03
CVE-2023-26114       5.5   8.2   0.0034  2023-03-23
CVE-2023-30856       5.5   8.3   0.0035  2023-04-28
CVE-2023-2848        5.5   8.0   0.0031  2023-09-14
CVE-2025-54289       5.5   8.1   0.0019  2025-10-02
CVE-2025-68930       5.5   7.1   0.0054  2026-02-23
CVE-2026-35589       5.5   8.0   0.0016  2026-04-14
CVE-2026-34403       5.5   8.1   0.0018  2026-04-20
CVE-2014-125071      3.5   5.5   0.0040  2023-01-09
CVE-2023-2886        3.5   4.3   0.0021  2023-05-25
CVE-2023-2850        3.5   4.7   0.0028  2023-07-25
CVE-2023-49805       3.5   6.0   0.0038  2023-12-11
CVE-2023-32264       3.5   5.8   0.0017  2024-03-08
CVE-2025-24010       3.5   6.5   0.0028  2025-01-20
CVE-2024-8201 UPD    3.5   5.4   0.0012  2025-05-16
CVE-2025-48068 UPD   3.5   4.3   0.0017  2025-05-30
CVE-2025-36116 UPD   3.5   6.3   0.0015  2025-07-23
CVE-2024-51775 UPD   3.5   5.3   0.0024  2025-08-03
CVE-2025-61987       3.5   5.3   0.0014  2025-12-12
CVE-2026-21883       3.5   5.4   0.0016  2026-01-08
CVE-2026-22689       3.5   6.5   0.0021  2026-01-10