CWE-178

Case Sensitivity Issue

No catalog description on file. The MITRE CWE site has the canonical reference.

CVEs (total)

6

Critical

1

High

2

Medium

1

Low

0

Severity distribution

Recent CVEs

showing 6 of 6

CVE-2020-12812Critical· 9.8KEVEPSS 42%23 h ago
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
CVE-2026-53721—EPSS 0%1 d ago
Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matche
CVE-2026-45062High· 8.1EPSS 0%2 d ago
FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos() function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two
go
CVE-2026-47346—EPSS 0%4 d ago
Backend users with file write permissions were able to upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to ex
CVE-2026-46392High· 8.7EPSS 0%7 d ago
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess
CVE-2016-8616Medium· 3.7EPSS 5%2026-04-25
curl/libcurl: case insensitive password comparison
curl

CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.