CWE•Base•Draft•4 recent CVEs

CWE-215Insertion of Sensitive Information Into Debugging Code

Description

The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.

When debugging, it may be necessary to report detailed information to the programmer. However, if the debugging code is not disabled when the product is operating in a production environment, then this sensitive information may be exposed to attackers.

Common consequences

Confidentiality→Read Application Data

Potential mitigations

Implementation
Do not leave debug statements that could be executed in the source code. Ensure that all debug information is eradicated before releasing the software.
Architecture and Design
[object Object]

Recent CVEs classified under this CWE

CVE-2026-401739.42026-04-15 CVE-2025-126163.72025-11-03 CVE-2025-585986.62025-09-03 CVE-2023-491945.32024-12-09

Description

Common consequences

Potential mitigations

Related CWEs

Recent CVEs classified under this CWE