LIVE NEWSROOM · --:-- · May 25, 2026
A LIBRARY FOR SECURITY RESEARCHERS

CWE WEAKNESSES  /  CWE-95

CWE-95

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Variant EXPLOIT LIKELIHOOD: MEDIUM

What it is

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

Impact

ConfidentialityRead Files or Directories, Read Application Data
Access ControlBypass Protection Mechanism
Access ControlGain Privileges or Assume Identity
Integrity, Confidentiality, Availability, OtherExecute Unauthorized Code or Commands
Non-RepudiationHide Activities

Mitigations

  • [Architecture and Design, Implementation] If possible, refactor your code so that it does not need to use eval() at all.
  • [Implementation]Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.When performing input validation, consider all potentially relevant properties, including length, type of input, the full r
  • [Implementation]Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicaliz
  • [Implementation]For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].

Real-world CVE examples

  • CVE-2024-4181 — Framework for LLM applications allows eval injection via a crafted response from a hosting provider.
  • CVE-2022-2054 — Python compiler uses eval() to execute malicious strings as Python code.
  • CVE-2021-22204 — Chain: regex in EXIF processor code does not correctly determine where a string ends (CWE-625), enabling eval injection (CWE-95), as exploited in the wild per C
  • CVE-2021-22205 — Chain: backslash followed by a newline can bypass a validation step (CWE-20), leading to eval injection (CWE-95), as exploited in the wild per CISA KEV.
  • CVE-2008-5071 — Eval injection in PHP program.
  • CVE-2002-1750 — Eval injection in Perl program.
  • CVE-2008-5305 — Eval injection in Perl program using an ID that should only contain hyphens and numbers.
  • CVE-2002-1752 — Direct code injection into Perl eval function.
  • CVE-2002-1753 — Eval injection in Perl program.
  • CVE-2005-1527 — Direct code injection into Perl eval function.
  • CVE-2005-2837 — Direct code injection into Perl eval function.
  • CVE-2005-1921 — MFV. code injection into PHP eval statement using nested constructs that should not be nested.

Related weaknesses

Test & detect

Browse all common weaknesses, check related exploited CVEs, or map to ATT&CK techniques.

Source: MITRE CWE. View on cwe.mitre.org →

Scroll to Top