CWE-94 Base Draft Medium likelihood

Improper Control of Generation of Code ('Code Injection')

This vulnerability occurs when an application builds executable code using unvalidated external input, such as user data. Because the application fails to properly filter or escape this input, an…

Definition

What is CWE-94?

This vulnerability occurs when an application builds executable code using unvalidated external input, such as user data. Because the application fails to properly filter or escape this input, an attacker can inject special characters or commands that alter the intended code's logic or syntax.
Code injection happens when user-supplied data is directly incorporated into dynamically generated code, like SQL queries, OS commands, or script blocks. Attackers exploit this by crafting inputs containing command delimiters or code syntax, tricking the application into executing unintended instructions. This can lead to data theft, system takeover, or complete compromise of the application's environment. To prevent this, developers must strictly separate code from data. Use parameterized queries for databases, prepared statements, or safe API calls that automatically handle escaping. Never concatenate raw user input into executable strings. Input validation is also critical, but it should be a secondary defense, as proper use of secure coding interfaces is the most reliable way to neutralize injection risks.
Vulnerability Diagram CWE-94
Code Injection Field "expr" __import__('os').system… Server (Python) result = eval(expr) # interprets expr as code runs os.system('rm -rf /') no sandbox Full RCE attacker code on server Untrusted input is evaluated as program source.
Real-world impact

Real-world CVEs caused by CWE-94

  • CVE-2023-29374

    Math component in an LLM framework translates user input into a Python expression that is input into the Python exec() method, allowing code execution - one variant of a "prompt injection" attack.

  • CVE-2024-5565

    Python-based library uses an LLM prompt containing user input to dynamically generate code that is then fed as input into the Python exec() method, allowing code execution - one variant of a "prompt injection" attack.

  • CVE-2024-4181

    Framework for LLM applications allows eval injection via a crafted response from a hosting provider.

  • CVE-2022-2054

    Python compiler uses eval() to execute malicious strings as Python code.

  • CVE-2021-22204

    Chain: regex in EXIF processor code does not correctly determine where a string ends (CWE-625), enabling eval injection (CWE-95), as exploited in the wild per CISA KEV.

  • CVE-2020-8218

    "Code injection" in VPN product, as exploited in the wild per CISA KEV.

  • CVE-2008-5071

    Eval injection in PHP program.

  • CVE-2002-1750

    Eval injection in Perl program.

How attackers exploit it

Step-by-step attacker path

  1. 1

    This example attempts to write user messages to a message file and allow users to view them.

  2. 2

    While the programmer intends for the MessageFile to only include data, an attacker can provide a message such as:

  3. 3

    which will decode to the following:

  4. 4

    The programmer thought they were just including the contents of a regular data file, but PHP parsed it and executed the code. Now, this code is executed any time people view messages.

  5. 5

    Notice that XSS (CWE-79) is also possible in this situation.

Vulnerable code example

Vulnerable PHP

This example attempts to write user messages to a message file and allow users to view them.

Vulnerable PHP 
$MessageFile = "messages.out";
  if ($_GET["action"] == "NewMessage") {
  	$name = $_GET["name"];
  	$message = $_GET["message"];
  	$handle = fopen($MessageFile, "a+");
  	fwrite($handle, "<b>$name</b> says '$message'<hr>\n");
  	fclose($handle);
  	echo "Message Saved!<p>\n";
  }
  else if ($_GET["action"] == "ViewMessages") {
  	include($MessageFile);
  }
Attacker payload

While the programmer intends for the MessageFile to only include data, an attacker can provide a message such as:

Attacker payload 
name=h4x0r
  message=%3C?php%20system(%22/bin/ls%20-l%22);?%3E
Secure code example

Secure Python

A way to accomplish this without the use of eval() is to apply an integer conversion on the input within a try/except block. If the user-supplied input is not numeric, this will raise a ValueError. By avoiding eval(), there is no opportunity for the input string to be executed as code.

Secure Python 
def main():
  	 sum = 0
  	 numbers = input("Enter a space-separated list of numbers: ").split(" ")
  	 try:
  		 for num in numbers:
  			 sum = sum + int(num)
  		 print(f"Sum of {numbers} = {sum}") 
  	 except ValueError:
  		 print("Error: invalid input")
   main()
What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Prevention checklist

How to prevent CWE-94

  • Architecture and Design Refactor your program so that you do not have to dynamically generate code.
  • Architecture and Design Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which code can be executed by your product. Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection. This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise. Be careful to avoid CWE-243 and other weaknesses related to jails.
  • Implementation Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue." Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright. To reduce the likelihood of code injection, use stringent allowlists that limit which constructs are allowed. If you are dynamically constructing code that invokes a function, then verifying that the input is alphanumeric might be insufficient. An attacker might still be able to reference a dangerous function that you did not intend to allow, such as system(), exec(), or exit().
  • Testing Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible.
  • Testing Use dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
  • Operation Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
  • Operation Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
  • Implementation For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].
Detection signals

How to detect CWE-94

Automated Static Analysis High

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

Plexicus auto-fix

Plexicus auto-detects CWE-94 and opens a fix PR in under 60 seconds.

Codex Remedium scans every commit, identifies this exact weakness, and ships a reviewer-ready pull request with the patch. No tickets. No hand-offs.

Get a demo Try Plexicus free
Frequently asked questions

Frequently asked questions

What is CWE-94?

This vulnerability occurs when an application builds executable code using unvalidated external input, such as user data. Because the application fails to properly filter or escape this input, an attacker can inject special characters or commands that alter the intended code's logic or syntax.

How serious is CWE-94?

MITRE rates the likelihood of exploit as Medium — exploitation is realistic but typically requires specific conditions.

What languages or platforms are affected by CWE-94?

MITRE lists the following affected platforms: Interpreted, AI/ML.

How can I prevent CWE-94?

Refactor your program so that you do not have to dynamically generate code. Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which code can be executed by your product. Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection. This may not be a feasible solution, and it only limits the impact to the operating system; the rest of…

How does Plexicus detect and fix CWE-94?

Plexicus's SAST engine matches the data-flow signature for CWE-94 on every commit. When a match is found, our Codex Remedium agent opens a fix PR with the corrected code, tests, and a one-line summary for the reviewer.

Where can I learn more about CWE-94?

MITRE publishes the canonical definition at https://cwe.mitre.org/data/definitions/94.html. You can also reference OWASP and NIST documentation for adjacent guidance.

Related weaknesses

Weaknesses related to CWE-94

CWE-74 Parent

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

This vulnerability occurs when an application uses untrusted external input to build a command, query, or data structure for another…

CWE-1236 Sibling

Improper Neutralization of Formula Elements in a CSV File

This vulnerability occurs when an application writes user-supplied data into a CSV file without properly sanitizing special characters.…

CWE-75 Sibling

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

This vulnerability occurs when an application fails to properly filter or encode user-supplied data containing special characters or…

CWE-77 Sibling

Improper Neutralization of Special Elements used in a Command ('Command Injection')

This vulnerability occurs when an application builds a system command using untrusted user input without properly sanitizing it. An…

CWE-78 Sibling

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

OS Command Injection occurs when an application builds a system command using untrusted, external input without properly sanitizing it.…

CWE-79 Sibling

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

This vulnerability occurs when a web application fails to properly sanitize or encode user-supplied input before displaying it on a…

CWE-88 Sibling

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

This vulnerability occurs when an application builds a command string for execution by another component, but fails to properly separate…

CWE-89 Sibling

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

SQL Injection occurs when an application builds a database query using untrusted user input without properly sanitizing it. This allows an…

CWE-91 Sibling

XML Injection (aka Blind XPath Injection)

XML Injection occurs when an application fails to properly validate or escape user-controlled input before including it in XML documents…

Resources

Further reading

Ready when you are

Don't Let Security
Weigh You Down.

Stop choosing between AI velocity and security debt. Plexicus is the only platform that runs Vibe Coding Security and ASPM in parallel — one workflow, every codebase.

Get started free Book a demo