Article · Wikipedia archive · Last revised May 28, 2026

Improper input validation

Improper input validation[1] or unchecked user input is a type of vulnerability in computer software that may be used for security exploits.[2] This vulnerability is caused when "[t]he product does not validate or incorrectly validates input that can affect the control flow or data flow of a program."[1]
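The two failure modes named in the quoted CWE-20 definition, missing validation and incorrect validation, shown beside a corrected check on an input that affects data flow. This is an added illustration, not part of the original article; the order-total scenario, the function names, the price and the quantity limit are all assumptions.

```python
import re

PRICE_CENTS = 2000   # constructed sample price (assumption)
MAX_QUANTITY = 100   # assumed business limit (assumption)

def total_unchecked(raw_qty):
    """No validation: the raw input flows straight into the amount charged."""
    return PRICE_CENTS * int(raw_qty)

def total_incorrect(raw_qty):
    """Incorrect validation: only the upper bound is checked, so negative
    values pass, and int() silently accepts forms such as ' 1_0 '."""
    qty = int(raw_qty)
    if qty > MAX_QUANTITY:
        raise ValueError("quantity too large")
    return PRICE_CENTS * qty

# Allowlist of the accepted syntax: one to three ASCII digits, nothing else.
_QTY_RE = re.compile(r"[0-9]{1,3}")

def total_validated(raw_qty):
    """Validate type and syntax first, then the semantic range, then use."""
    if not isinstance(raw_qty, str) or not _QTY_RE.fullmatch(raw_qty):
        raise ValueError("quantity must be 1 to 3 ASCII digits")
    qty = int(raw_qty)
    if not 1 <= qty <= MAX_QUANTITY:
        raise ValueError("quantity out of range")
    return PRICE_CENTS * qty

def outcome(fn, raw_qty):
    """Return the computed total, or a 'rejected: ...' string on refusal."""
    try:
        return fn(raw_qty)
    except ValueError as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    # Constructed sample inputs: valid, negative, padded with underscore,
    # non-ASCII digit, and over the limit.
    for raw in ["3", "-3", " 1_0 ", "\u0663", "101"]:
        print(repr(raw),
              outcome(total_unchecked, raw),
              outcome(total_incorrect, raw),
              outcome(total_validated, raw))
```
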

Examples

Examples include:

See also

  • Input validation – Process of ensuring computer data is both correct and useful
  • Common Weakness Enumeration – Catalog of software weaknesses and vulnerabilities (CWE)

References

  1. "CWE-20: Improper Input Validation". Common Weakness Enumeration. MITRE. December 13, 2010. Retrieved February 22, 2011.
  2. Erickson, Jon (2008). Hacking: the art of exploitation. No Starch Press Series (2, illustrated ed.). Safari Books Online. ISBN 978-1-59327-144-2.