CWE•Class•Draft•20 recent CVEs
CWE-326Inadequate Encryption Strength
Description
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.
Common consequences
- Access Control,Confidentiality→Bypass Protection Mechanism,Read Application DataAn attacker may be able to decrypt the data using brute force attacks.
Potential mitigations
- Architecture and DesignUse an encryption scheme that is currently considered to be strong by experts in the field.
Related CWEs
Recent CVEs classified under this CWE
CVE-2026-418608.82026-06-04CVE-2026-88787.52026-06-03CVE-2026-457879.12026-05-28CVE-2026-4452310.02026-05-14CVE-2026-443519.12026-05-13CVE-2026-333617.52026-05-11CVE-2018-252729.82026-04-22CVE-2025-12415.82026-04-21CVE-2026-53638.82026-04-16CVE-2026-58894.32026-04-08CVE-2026-393492.72026-04-07CVE-2025-77893.72025-07-18CVE-2025-73989.12025-07-17CVE-2024-505508.12024-10-29CVE-2024-287556.52024-04-03CVE-2022-40365.32022-11-29CVE-2020-75657.32020-11-19CVE-2017-79039.82017-06-30CVE-2017-23994.62017-04-02CVE-2017-23915.32017-04-02