CWE•Base•Incomplete•20 recent CVEs
CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine
Description
The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
Common consequences
- Integrity→Execute Unauthorized Code or Commands
Potential mitigations
- Architecture and Design: Choose a template engine that offers a sandbox or restricted mode, or at least limits the power of any available expressions, function calls, or commands.
- Implementation: Use the template engine's sandbox or restricted mode, if available.
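The mitigations above, as an added example that is not part of the CWE entry: Python's standard library stands in for a template engine, with `str.format` as the unrestricted mode and `string.Template` as the restricted one. The `Order` and `Customer` classes, the token value and the function names are constructed for illustration, and the last function goes one step beyond the listed mitigations by keeping external input out of the template text entirely.

```python
import string

class Customer:
    def __init__(self, name, api_token):
        self.name = name
        self.api_token = api_token  # secret: must never appear in rendered output

class Order:
    def __init__(self, order_id, customer):
        self.order_id = order_id
        self.customer = customer

def render_unrestricted(user_template, order):
    # Weak: str.format field syntax lets the template text itself walk
    # attributes and indexes of every object handed to it.
    return user_template.format(order=order)

def render_restricted(user_template, order):
    # Restricted: string.Template only knows flat $name lookups, and the
    # mapping is an explicit allow list of plain values, not live objects.
    allowed = {"order_id": order.order_id, "customer_name": order.customer.name}
    try:
        return string.Template(user_template).substitute(allowed)
    except (KeyError, ValueError) as exc:
        # KeyError: name not on the allow list; ValueError: malformed placeholder.
        raise ValueError(f"template rejected: {exc!r}") from None

def render_as_data(user_text, order):
    # Safest: the template is fixed by the developer and external input is
    # only ever a value, so its braces and dollars are never interpreted.
    fixed = string.Template("Order $order_id note: $note")
    return fixed.substitute(order_id=order.order_id, note=user_text)

# Constructed sample data for the demonstration.
ORDER = Order(1001, Customer("Ada", "tok-EXAMPLE-0000"))
TRAVERSAL = "Order {order.order_id} token={order.customer.api_token}"

if __name__ == "__main__":
    print(render_unrestricted(TRAVERSAL, ORDER))  # secret leaks
    print(render_restricted("Order $order_id for $customer_name", ORDER))
    print(render_as_data(TRAVERSAL, ORDER))       # text stays inert
```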
Related CWEs
Recent CVEs classified under this CWE
- CVE-2026-41065 • 2026-06-04
- CVE-2026-34906 • 2026-06-02
- CVE-2026-42252 • 9.1 • 2026-06-01
- CVE-2026-45697 • 9.8 • 2026-05-29
- CVE-2026-49382 • 4.5 • 2026-05-29
- CVE-2026-45312 • 9.9 • 2026-05-29
- CVE-2026-9558 • 9.9 • 2026-05-29
- CVE-2026-44209 • 7.5 • 2026-05-26
- CVE-2026-44723 • 5.0 • 2026-05-26
- CVE-2026-9498 • 6.3 • 2026-05-25
- CVE-2025-40900 • 4.6 • 2026-05-19
- CVE-2026-29207 • 6.5 • 2026-05-19
- CVE-2026-8740 • 6.3 • 2026-05-17
- CVE-2026-45714 • 9.1 • 2026-05-13
- CVE-2026-44377 • 9.1 • 2026-05-13
- CVE-2026-41901 • 9.0 • 2026-05-12
- CVE-2026-41713 • 8.2 • 2026-05-12
- CVE-2026-44129 • 2026-05-08
- CVE-2026-44916 • 3.0 • 2026-05-08
- CVE-2026-42203 • 8.8 • 2026-05-08