CWE CATEGORY: General Software Weaknesses that Appear in Products that Use or Support AI/ML Technology
|
Category ID: 1447
Vulnerability Mapping:
PROHIBITED
This CWE ID must not be used to map to real-world vulnerabilities
|
Summary
This category lists general software weaknesses in software that insecurely uses AI/ML components, but frequently appear in many kinds of software products that do not use AI/ML.
Membership
| Nature |
Type |
ID |
Name |
| MemberOf |
View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries). |
1448 |
Weaknesses Related to AI/ML Products
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
22 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
77 |
Improper Neutralization of Special Elements used in a Command ('Command Injection')
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
78 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
79 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
94 |
Improper Control of Generation of Code ('Code Injection')
|
| HasMember |
Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. |
95 |
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
116 |
Improper Encoding or Escaping of Output
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
250 |
Execution with Unnecessary Privileges
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
434 |
Unrestricted Upload of File with Dangerous Type
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
502 |
Deserialization of Untrusted Data
|
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
862 |
Missing Authorization
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
918 |
Server-Side Request Forgery (SSRF)
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1336 |
Improper Neutralization of Special Elements Used in a Template Engine
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1426 |
Improper Validation of Generative AI Output
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1427 |
Improper Neutralization of Input Used for LLM Prompting
|
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
1434 |
Insecure Setting of Generative AI/ML Model Inference Parameters
|
Vulnerability Mapping Notes
|
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
|
|
Reasons:
Category,
Frequent Misuse
|
|
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
|
|
Comments: CWE users might be tempted to use this CWE for mapping, but it is a category (see Reasons). Mappers should consider whether a weakness is unique to AI/ML (in which case a high-level Pillar or class might still apply), or if it is a general software weakness that happens to appear in AI/ML related software.
|
Notes
Research Gap
As of CWE 4.20, it is still difficult to distinguish common AI/ML related attacks from the underlying weaknesses. The CWE AI Working Group has had many discussions about this general topic. Much of the latest research has focused on the attacks, and/or characterizing the underlying design and implementation of AI/ML related systems. From a CWE perspective, the distinction between "control" and "data" is not necessarily as deep as currently considered within the AI/ML community, since most weaknesses are characterized in terms of potentially insecure "behavior" - whether that behavior occurred due to design, insecure code, insecure configuration, or data-driven behaviors such as AI/ML. Since AI/ML is frequently derived from repositories of software that consume AI/ML components - many public reports of AI/ML vulnerabilities ultimately result from commonly-occurring weaknesses that appear in most kinds of software. There are several weakness-focused research efforts within the industry, but these efforts are still in the early stages.
Maintenance
This category is likely to be updated frequently in future versions. See Research Gaps.
References
Content
History
Submissions |
| Submission Date |
Submitter |
Organization |
2026-04-27
(CWE 4.20, 2026-04-30)
|
CWE Content Team |
MITRE |
|
|
More information is available — Please edit the custom filter or select a different filter.
|