CWE · MITRE source
CWE-1385: Missing Origin Validation in WebSockets
The product uses a WebSocket, but it does not properly verify that the source of data or communication is valid.
WebSockets provide bi-directional, low-latency (near real-time) communication between a client and a server. WebSockets differ from HTTP in that the connections are long-lived: the channel remains open until the client or the server is ready to send a message, whereas in HTTP, once the response occurs (which typically happens immediately), the transaction completes. A WebSocket can leverage the existing HTTP protocol over ports 80 and 443, but it is not limited to HTTP. WebSockets can make cross-origin requests that are not restricted by browser-based protection mechanisms such as the Same Origin Policy (SOP) or Cross-Origin Resource Sharing (CORS). Without explicit origin validation, this makes CSRF attacks more powerful.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: full · 2 mapping(s) from 2 framework(s): ASVS 5.0 1 (full) · ATT&CK 1 (partial)
NIST 800-53 r5 controls that address this weakness (0)
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | | | |
MITRE ATT&CK techniques this weakness enables
Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.
Direction: ← other covers this; → this covers other (F/M/P = full / mostly / partial).
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2024-23168 | 7.0 | 9.8 | 0.0041 | 2024-08-15 |
| CVE-2024-48849 | 7.0 | 9.4 | 0.0089 | 2025-01-29 |
| CVE-2025-24964 | 7.0 | 9.6 | 0.0067 | 2025-02-04 |
| CVE-2026-44211 UPD | 7.0 | 9.6 | 0.0018 | 2026-06-01 |
| CVE-2023-0957 | 5.5 | 8.2 | 0.0042 | 2023-03-03 |
| CVE-2023-26114 | 5.5 | 8.2 | 0.0034 | 2023-03-23 |
| CVE-2023-30856 | 5.5 | 8.3 | 0.0035 | 2023-04-28 |
| CVE-2023-2848 | 5.5 | 8.0 | 0.0031 | 2023-09-14 |
| CVE-2025-54289 | 5.5 | 8.1 | 0.0019 | 2025-10-02 |
| CVE-2025-68930 | 5.5 | 7.1 | 0.0054 | 2026-02-23 |
| CVE-2026-35589 | 5.5 | 8.0 | 0.0016 | 2026-04-14 |
| CVE-2026-34403 | 5.5 | 8.1 | 0.0018 | 2026-04-20 |
| CVE-2014-125071 | 3.5 | 5.5 | 0.0040 | 2023-01-09 |
| CVE-2023-2886 | 3.5 | 4.3 | 0.0021 | 2023-05-25 |
| CVE-2023-2850 | 3.5 | 4.7 | 0.0028 | 2023-07-25 |
| CVE-2023-49805 | 3.5 | 6.0 | 0.0038 | 2023-12-11 |
| CVE-2023-32264 | 3.5 | 5.8 | 0.0017 | 2024-03-08 |
| CVE-2025-24010 | 3.5 | 6.5 | 0.0028 | 2025-01-20 |
| CVE-2024-8201 UPD | 3.5 | 5.4 | 0.0012 | 2025-05-16 |
| CVE-2025-48068 UPD | 3.5 | 4.3 | 0.0017 | 2025-05-30 |
| CVE-2025-36116 UPD | 3.5 | 6.3 | 0.0015 | 2025-07-23 |
| CVE-2024-51775 UPD | 3.5 | 5.3 | 0.0024 | 2025-08-03 |
| CVE-2025-61987 | 3.5 | 5.3 | 0.0014 | 2025-12-12 |
| CVE-2026-21883 | 3.5 | 5.4 | 0.0016 | 2026-01-08 |
| CVE-2026-22689 | 3.5 | 6.5 | 0.0021 | 2026-01-10 |