CWE•Base•Draft•12 recent CVEs

CWE-331Insufficient Entropy

Description

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

Common consequences

Access Control,Other→Bypass Protection Mechanism,Other
An attacker could guess the random numbers generated and could gain unauthorized access to a system if the random numbers are used for authentication and authorization.

Potential mitigations

Implementation
Determine the necessary entropy to adequately provide for randomness and predictability. This can be achieved by increasing the number of bits of objects such as keys and seeds.

Related CWEs

CWE-330Use of Insufficiently Random Values CWE-330Use of Insufficiently Random Values

Recent CVEs classified under this CWE

CVE-2026-464737.52026-05-21 CVE-2026-87007.32026-05-15 CVE-2026-464747.52026-05-15 CVE-2026-421552026-05-15 CVE-2025-149722026-05-15 CVE-2026-48272026-05-12 CVE-2026-72109.82026-05-11 CVE-2026-410802.92026-04-16 CVE-2026-342368.22026-04-01 CVE-2025-69313.72025-06-30 CVE-2023-33258.12023-06-20 CVE-2017-60306.52017-06-30