CWE · MITRE source
CWE-565: Reliance on Cookies without Validation and Integrity Checking
The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: full · 8 mapping(s) from 3 framework(s): ATT&CK 4 (full) · CAPEC 3 (partial) · OWASP-Web 1 (full)
OWASP Top 10 for Web (2025)
This weakness contributes to A08:2025 Software or Data Integrity Failures.
NIST 800-53 r5 controls that address this weakness (0) AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | | | |
MITRE ATT&CK techniques this weakness enables
Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.
Direction: ← other covers this; → this covers other (F/M/P = full / mostly / partial).
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2026-0257 KEV UPD | 10.0 | 9.1 | 0.8668 | 2026-05-13 |
| CVE-2023-35885 | 8.0 | 9.8 | 0.7531 | 2023-06-20 |
| CVE-2008-5784 | 7.0 | 9.8 | 0.0710 | 2008-12-31 |
| CVE-2017-7279 | 7.0 | 9.8 | 0.0439 | 2017-04-12 |
| CVE-2018-5455 | 7.0 | 9.8 | 0.0158 | 2018-03-05 |
| CVE-2018-5190 | 7.0 | 9.8 | 0.0140 | 2018-04-17 |
| CVE-2018-20512 | 7.0 | 9.8 | 0.0177 | 2019-01-03 |
| CVE-2019-7266 | 7.0 | 9.8 | 0.0464 | 2019-07-02 |
| CVE-2021-28171 | 7.0 | 9.8 | 0.0118 | 2021-04-06 |
| CVE-2022-38297 | 7.0 | 9.8 | 0.0109 | 2022-09-12 |
| CVE-2023-3050 | 7.0 | 9.8 | 0.0131 | 2023-06-13 |
| CVE-2023-41084 | 7.0 | 10.0 | 0.0058 | 2023-09-18 |
| CVE-2023-45128 | 7.0 | 10.0 | 0.0031 | 2023-10-16 |
| CVE-2023-32725 | 7.0 | 9.6 | 0.0085 | 2023-12-18 |
| CVE-2024-28288 UPD | 7.0 | 9.8 | 0.0072 | 2024-03-30 |
| CVE-2024-0947 UPD | 7.0 | 9.8 | 0.0048 | 2024-06-27 |
| CVE-2025-2395 | 7.0 | 9.8 | 0.0054 | 2025-03-17 |
| CVE-2025-14440 | 7.0 | 9.8 | 0.0069 | 2025-12-13 |
| CVE-2025-65212 | 7.0 | 9.8 | 0.0462 | 2026-01-06 |
| CVE-2022-50926 | 7.0 | 9.8 | 0.0048 | 2026-01-13 |
| CVE-2014-125112 | 7.0 | 9.8 | 0.0083 | 2026-03-26 |
| CVE-2026-39324 | 7.0 | 9.8 | 0.0027 | 2026-04-07 |
| CVE-2017-6896 | 5.5 | 8.8 | 0.0370 | 2017-03-14 |
| CVE-2018-19224 | 5.5 | 7.5 | 0.0098 | 2018-11-12 |
| CVE-2019-17104 | 5.5 | 7.5 | 0.0194 | 2019-10-08 |