Description
The product does not properly restrict reading from or writing to dynamically-identified variables.
Extended Description
Many languages offer powerful features that allow the programmer to access arbitrary variables that are specified by an input string. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can modify unintended variables that have security implications.
CVE vulnerabilities with CWE-914 (8)
10.0
CVSS
CRITICAL
CVE-2026-44006
pub. 2026-05-13
9.1
CVSS
CRITICAL
CVE-2023-33175
pub. 2023-05-30
8.5
CVSS
HIGH
CVE-2024-54198
pub. 2024-12-10
8.0
CVSS
HIGH
CVE-2024-24914
pub. 2024-11-07
7.9
CVSS
HIGH
CVE-2026-34444
pub. 2026-04-06
6.5
CVSS
MEDIUM
CVE-2026-35173
pub. 2026-04-06
2.1
CVSS
LOW
CVE-2025-14085
pub. 2025-12-05
2.1
CVSS
LOW
CVE-2025-14051
pub. 2025-12-04