CWE · MITRE source
CWE-565Reliance on Cookies without Validation and Integrity Checking
The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
Last updated: 19 May 2026 22:20 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2023-35885 | 7.6 | 9.8 | 0.9412 | 2023-06-20 |
CVE-2020-7070 | 2.4 | 4.3 | 0.2609 | 2020-10-02 |
CVE-2008-5784 UPD | 2.3 | 9.8 | 0.0579 | 2008-12-31 |
CVE-2017-7279 UPD | 2.2 | 9.8 | 0.0446 | 2017-04-12 |
CVE-2019-7266 | 2.2 | 9.8 | 0.0383 | 2019-07-02 |
CVE-2018-5455 | 2.0 | 9.8 | 0.0045 | 2018-03-05 |
CVE-2018-5190 | 2.0 | 9.8 | 0.0044 | 2018-04-17 |
CVE-2018-20512 | 2.0 | 9.8 | 0.0072 | 2019-01-03 |
CVE-2021-28171 | 2.0 | 9.8 | 0.0027 | 2021-04-06 |
CVE-2022-28113 | 2.0 | 7.2 | 0.0878 | 2022-04-15 |
CVE-2022-38297 | 2.0 | 9.8 | 0.0044 | 2022-09-12 |
CVE-2023-3050 | 2.0 | 9.8 | 0.0004 | 2023-06-13 |
CVE-2023-41084 | 2.0 | 10.0 | 0.0007 | 2023-09-18 |
CVE-2023-45128 | 2.0 | 10.0 | 0.0015 | 2023-10-16 |
CVE-2023-32725 | 2.0 | 9.6 | 0.0106 | 2023-12-18 |
CVE-2024-28288 | 2.0 | 9.8 | 0.0010 | 2024-03-30 |
CVE-2024-0947 | 2.0 | 9.8 | 0.0013 | 2024-06-27 |
CVE-2025-2395 | 2.0 | 9.8 | 0.0123 | 2025-03-17 |
CVE-2025-14440 | 2.0 | 9.8 | 0.0014 | 2025-12-13 |
CVE-2025-65212 | 2.0 | 9.8 | 0.0011 | 2026-01-06 |
CVE-2022-50926 | 2.0 | 9.8 | 0.0014 | 2026-01-13 |
CVE-2014-125112 UPD | 2.0 | 9.8 | 0.0013 | 2026-03-26 |
CVE-2026-39324 | 2.0 | 9.8 | 0.0006 | 2026-04-07 |
CVE-2017-6896 UPD | 1.9 | 8.8 | 0.0252 | 2017-03-14 |
CVE-2012-5631 | 1.8 | 8.8 | 0.0051 | 2019-11-25 |