Cyber Posture

CWE · MITRE source

CWE-184Incomplete List of Disallowed Inputs

Abstraction: Base · CVEs in our corpus: 110

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (1)AI

Control Title Family Why it addresses this CWE
SI-8Spam ProtectionSISpam filters rely on evolving blacklists, signatures, and heuristics of disallowed message patterns; keeping them updated per the control directly mitigates incomplete disallowed-input lists.

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2024-5217 KEV9.69.80.94112024-07-10
CVE-2017-75256.79.80.79272018-02-06
CVE-2018-74894.19.80.36212018-02-26
CVE-2025-17162.99.80.16252025-02-26
CVE-2024-301032.78.80.14962024-06-11
CVE-2018-63832.58.80.12732018-01-29
CVE-2017-150952.59.80.08612018-02-06
CVE-2017-75402.09.80.00292017-07-21
CVE-2017-09092.09.80.00342017-11-16
CVE-2019-92122.09.80.00882019-02-27
CVE-2023-33742.09.80.00102023-09-05
CVE-2024-517452.010.00.00302024-11-05
CVE-2026-283632.09.90.00052026-02-27
CVE-2026-333962.09.90.00972026-03-26
CVE-2026-344152.09.80.00222026-04-22
CVE-2026-412642.09.80.00292026-04-23
CVE-2021-256311.98.80.01702021-05-03
CVE-2023-20171.98.80.02272023-04-17
CVE-2023-342531.98.80.02102023-06-14
CVE-2023-451331.99.30.00092023-10-12
CVE-2025-583611.99.30.00042025-09-04
CVE-2026-329401.99.30.00092026-03-20
CVE-2022-433961.88.80.00392022-12-30
CVE-2023-290031.88.80.00262023-04-04
CVE-2023-342521.88.80.00532023-06-14