CWE•Base•Draft•20 recent CVEs
CWE-94Improper Control of Generation of Code ('Code Injection')
Description
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Common consequences
- Access Control→Bypass Protection MechanismIn some cases, injectable code controls authentication; this may lead to a remote vulnerability.
- Access Control→Gain Privileges or Assume IdentityInjected code can access resources that the attacker is directly prevented from accessing.
- Integrity,Confidentiality,Availability→Execute Unauthorized Code or CommandsWhen a product allows a user's input to contain code syntax, it might be possible for an attacker to craft the code in such a way that it will alter the intended control flow of the product. As a result, code injection can often result in t
- Non-Repudiation→Hide ActivitiesOften the actions performed by injected control code are unlogged.
Potential mitigations
- Architecture and DesignRefactor your program so that you do not have to dynamically generate code.
- Architecture and Design[object Object]
- Implementation[object Object]
- TestingUse dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
- OperationRun the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
- OperationRun the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
- Implementation[object Object]
Related CWEs
Recent CVEs classified under this CWE
CVE-2026-87957.82026-06-09CVE-2026-116888.82026-06-09CVE-2026-527789.82026-06-08CVE-2026-113939.02026-06-08CVE-2026-258568.82026-06-08CVE-2026-115343.52026-06-08CVE-2026-464422026-06-08CVE-2026-115203.52026-06-08CVE-2026-115184.32026-06-08CVE-2026-115124.32026-06-08CVE-2026-114912.42026-06-08CVE-2026-114682.42026-06-08CVE-2026-114364.32026-06-06CVE-2026-114342.42026-06-06CVE-2026-114292026-06-05CVE-2026-494938.82026-06-05CVE-2026-113382.42026-06-05CVE-2026-113374.32026-06-05CVE-2026-112318.12026-06-04CVE-2026-112186.82026-06-04