A08:2025 Software or Data Integrity Failures
Code or data is trusted without integrity verification, for example through insecure deserialization, unsigned updates, or CI/CD compromise paths.
Related on the LLM side: OWASP Top 10 for LLMs LLM04:2025.
Member CWEs (14)
- CWE-345 Insufficient Verification of Data Authenticity
- CWE-353 Missing Support for Integrity Check
- CWE-426 Untrusted Search Path
- CWE-427 Uncontrolled Search Path Element
- CWE-494 Download of Code Without Integrity Check
- CWE-502 Deserialization of Untrusted Data
- CWE-506 Embedded Malicious Code
- CWE-509 Replicating Malicious Code (Virus or Worm)
- CWE-565 Reliance on Cookies without Validation and Integrity Checking
- CWE-784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
- CWE-829 Inclusion of Functionality from Untrusted Control Sphere
- CWE-830 Inclusion of Web Functionality from an Untrusted Source
- CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes
- CWE-926 Improper Export of Android Application Components
Tagged CVEs (showing 50 most recent of 5,726)
- CVE-2026-8751
- CVE-2026-8735
- CVE-2026-8727
- CVE-2026-8612
- CVE-2026-8398
- CVE-2026-7818
- CVE-2026-7712
- CVE-2026-7689
- CVE-2026-7647
- CVE-2026-7637
- CVE-2026-7635
- CVE-2026-7611
- CVE-2026-7606
- CVE-2026-7597
- CVE-2026-7584
- CVE-2026-7373
- CVE-2026-7317
- CVE-2026-7309
- CVE-2026-7304
- CVE-2026-7301
- CVE-2026-7279
- CVE-2026-6986
- CVE-2026-6967
- CVE-2026-6912
- CVE-2026-6859
- CVE-2026-6857
- CVE-2026-6788
- CVE-2026-6498
- CVE-2026-6482
- CVE-2026-6443
- CVE-2026-6421
- CVE-2026-6366
- CVE-2026-6357
- CVE-2026-6023
- CVE-2026-6009
- CVE-2026-5708
- CVE-2026-5659
- CVE-2026-5536
- CVE-2026-5507
- CVE-2026-5473
- CVE-2026-5426
- CVE-2026-5397
- CVE-2026-5271
- CVE-2026-5251
- CVE-2026-5248
- CVE-2026-5130
- CVE-2026-5127
- CVE-2026-5055
- CVE-2026-4984
- CVE-2026-4962
Data: OWASP Top 10:2025 (CC BY-SA 4.0) · CWE memberships from cwe-api.mitre.org (meta-category CWE-1443).