CWE-1288: Improper Validation of Consistency within Input

CWE-1288: Improper Validation of Consistency within Input is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent. Some input data can be structured with multiple elements or fields that must be consistent with each other, e.g. a number-of-items field that is followed by the expected number of elements. When such complex inputs are inconsistent, attackers could trigger unexpected errors, cause incorrect actions to take place, or exploit latent vulnerabilities.

If exploited, CWE-1288 (Improper Validation of Consistency within Input) it can compromise Other, leading to outcomes such as Varies by Context.

CWE-1288 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

MITRE documents real CVEs mapped to CWE-1288, including CVE-2018-16733, CVE-2006-3790 and CVE-2008-4114. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

A CWE (Common Weakness Enumeration) like CWE-1288 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.