CWE-183: Permissive List of Allowed Inputs

Abstraction: Base · CVEs in our corpus: 37

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 7 mapping(s) from 4 framework(s): CAPEC 4 (partial) · ASVS 5.0 1 (mostly) · OWASP-Web 1 (mostly) · ATT&CK 1 (partial)

OWASP Top 10 for Web (2025)

This weakness contributes to A06:2025 Insecure Design.

NIST 800-53 r5 controls that address this weakness (0) · AI

Control Title Family Why it addresses this CWE
No NIST controls proposed yet.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE                  Risk  CVSS  EPSS    Published
CVE-2026-3490        7.0   10.0  0.0062  2026-06-17
CVE-2026-54316       7.0   9.1   0.0040  2026-06-23
CVE-2020-25696       5.5   7.5   0.0259  2020-11-23
CVE-2024-1654 UPD    5.5   7.2   0.0131  2024-03-14
CVE-2025-24349 UPD   5.5   7.1   0.0048  2025-04-30
CVE-2025-53762 UPD   5.5   8.7   0.0074  2025-07-18
CVE-2025-59457       5.5   7.7   0.0075  2025-09-17
CVE-2026-33979       5.5   8.2   0.0038  2026-03-27
CVE-2026-42043 UPD   5.5   7.2   0.0066  2026-04-24
CVE-2026-41387       5.5   7.8   0.0024  2026-04-28
CVE-2026-29514 UPD   5.5   8.8   0.0078  2026-05-04
CVE-2026-50189       5.5   7.2   0.0027  2026-06-24
CVE-2026-46608       5.5   7.4   0.0040  2026-06-25
CVE-2020-1694        3.5   4.9   0.0164  2020-09-16
CVE-2021-34787       3.5   5.3   0.0100  2021-10-27
CVE-2021-40128       3.5   5.3   0.0095  2021-11-04
CVE-2022-23158       3.5   6.0   0.0069  2022-04-01
CVE-2022-34450       3.5   6.7   0.0042  2023-02-11
CVE-2022-42469       3.5   4.3   0.0044  2023-04-11
CVE-2023-4399        3.5   6.6   0.0108  2023-10-17
CVE-2023-7250        3.5   5.3   0.0093  2024-03-18
CVE-2024-38522       3.5   6.3   0.0035  2024-06-28
CVE-2024-47565       3.5   4.3   0.0037  2024-10-08
CVE-2026-2302        3.5   6.5   0.0020  2026-02-10
CVE-2026-2303        3.5   6.5   0.0022  2026-02-10