Cyber Resilience


CWE-346: Origin Validation Error

Abstraction: Class · CVEs in our corpus: 594

The product does not properly verify that the source of data or communication is valid.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: full · 23 mapping(s) from 4 framework(s): CAPEC 12 (partial) · ATT&CK 7 (full) · STIG Oracle Linux 8 3 (mostly) · OWASP-Web 1 (partial)


OWASP Top 10 for Web (2025)

This weakness contributes to A07:2025 Authentication Failures.

NIST 800-53 r5 controls that address this weakness (5) · AI

Showing the 4 most specific. Generic controls that address many weakness types are collapsed below.

| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| SC-11 | Trusted Path | SC | Trusted path establishment enforces validation that the communication originates from and reaches only the intended trusted system components. |
| SC-20 | Secure Name/Address Resolution Service (Authoritative Source) | SC | Enforces validation of the true origin of DNS responses via signatures and chain-of-trust mechanisms. |
| SC-21 | Secure Name/Address Resolution Service (Recursive or Caching Resolver) | SC | Enforces origin validation of name/address data, eliminating reliance on unverified or impersonated DNS sources. |
| IA-9 | Service Identification and Authentication | IA | Requires unique identification of the service before communications, addressing failures to validate the origin of the interaction. |

Broadly applicable controls (1):

| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| SC-23 | Session Authenticity | SC | Mandates origin validation so that only legitimate endpoints can continue the authenticated session. |

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2015-4495 KEV | 10.0 | 8.8 | 0.7023 | 2015-08-08 |
| CVE-2025-34291 KEV | 10.0 | 8.8 | 0.7889 | 2025-12-05 |
| CVE-2009-1185 | 8.0 | 0.0 | 0.8153 | 2009-04-17 |
| CVE-2020-16952 | 8.0 | 8.6 | 0.7089 | 2020-10-16 |
| CVE-2023-29711 | 8.0 | 9.8 | 0.7031 | 2023-06-22 |
| CVE-2024-23898 UPD | 8.0 | 8.8 | 0.6692 | 2024-01-24 |
| CVE-2000-1218 | 7.0 | 9.8 | 0.0609 | 2000-04-14 |
| CVE-2003-0174 | 7.0 | 9.8 | 0.0098 | 2003-05-12 |
| CVE-2017-6519 | 7.0 | 9.1 | 0.0308 | 2017-05-01 |
| CVE-2017-13274 | 7.0 | 9.8 | 0.0054 | 2018-04-04 |
| CVE-2018-5116 | 7.0 | 9.8 | 0.0112 | 2018-06-11 |
| CVE-2018-5400 | 7.0 | 9.1 | 0.0074 | 2018-10-08 |
| CVE-2018-15723 | 7.0 | 9.8 | 0.0370 | 2018-12-20 |
| CVE-2018-5409 | 7.0 | 9.8 | 0.0108 | 2019-05-08 |
| CVE-2019-8069 | 7.0 | 9.8 | 0.0453 | 2019-09-12 |
| CVE-2019-3980 | 7.0 | 9.8 | 0.0518 | 2019-10-08 |
| CVE-2019-15020 | 7.0 | 9.8 | 0.0089 | 2019-10-09 |
| CVE-2019-16517 | 7.0 | 9.8 | 0.0133 | 2020-01-23 |
| CVE-2019-4640 | 7.0 | 9.8 | 0.0052 | 2020-02-19 |
| CVE-2020-26527 | 7.0 | 9.8 | 0.0091 | 2020-10-02 |
| CVE-2021-26291 | 7.0 | 9.1 | 0.0869 | 2021-04-23 |
| CVE-2021-37705 | 7.0 | 10.0 | 0.0242 | 2021-08-13 |
| CVE-2021-39185 | 7.0 | 9.1 | 0.0059 | 2021-09-01 |
| CVE-2021-39063 | 7.0 | 9.1 | 0.0066 | 2021-12-13 |
| CVE-2021-44935 | 7.0 | 9.1 | 0.0052 | 2021-12-14 |