CWE•Base•Draft•1 recent CVE

CWE-625Permissive Regular Expression

Description

The product uses a regular expression that does not sufficiently restrict the set of allowed values.

[object Object]

Common consequences

Access Control→Bypass Protection Mechanism

Potential mitigations

Implementation
When applicable, ensure that the regular expression marks beginning and ending string patterns, such as "/^string$/" for Perl.

Related CWEs

CWE-185Incorrect Regular Expression CWE-187Partial String Comparison CWE-184Incomplete List of Disallowed Inputs CWE-183Permissive List of Allowed Inputs

Recent CVEs classified under this CWE

CVE-2026-377376.52026-06-05