Cyber Resilience

CWE · MITRE source

CWE-436Interpretation Conflict

Abstraction: Class · CVEs in our corpus: 115

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

This is generally found in proxies, firewalls, anti-virus software, and other intermediary devices that monitor, allow, deny, or modify traffic based on how the client or server is expected to behave.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: partial · 6 mapping(s) from 3 framework(s): CAPEC 3 (partial) · ATT&CK 2 (partial) · OWASP-Web 1 (partial)

See the full cumulative-coverage rollup →

OWASP Top 10 for Web (2025)

This weakness contributes to A06:2025 Insecure Design.

NIST 800-53 r5 controls that address this weakness (0)AI

Control Title Family Why it addresses this CWE
No NIST controls proposed yet.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2025-48384 KEV UPD10.08.00.02782025-07-08
CVE-2021-284748.08.80.50632021-05-11
CVE-2022-374368.05.30.57942023-01-17
CVE-2025-252928.09.80.63792025-03-12
CVE-2019-195897.09.80.01772019-12-05
CVE-2019-187927.09.10.02522020-01-06
CVE-2020-101807.09.80.01652020-03-05
CVE-2021-453277.09.80.02142022-02-08
CVE-2023-248137.010.00.02492023-02-07
CVE-2024-384287.09.10.00672024-06-16
CVE-2025-252917.09.80.19512025-03-12
CVE-2026-338077.09.10.00432026-04-15
CVE-2026-338087.09.10.00482026-04-15
CVE-2026-62707.09.10.00502026-04-16
CVE-2026-412487.09.10.00322026-04-24
CVE-2026-8034 UPD7.09.80.00382026-05-07
CVE-2026-141987.09.10.00302026-07-01
CVE-2018-65605.58.80.00422018-02-02
CVE-2018-199665.58.80.00442018-12-08
CVE-2019-00525.57.50.01842019-07-11
CVE-2019-175965.57.50.04692019-10-24
CVE-2020-93625.57.80.01492020-02-24
CVE-2020-93635.57.80.00952020-02-24
CVE-2020-101935.57.50.01352020-03-06
CVE-2020-32005.57.70.01722020-06-03