CWE • Base • Incomplete • 20 recent CVEs
CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
Description
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Common consequences
- Confidentiality → Read Application Data
Potential mitigations
- Architecture and Design, Implementation: Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs.
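One way to apply this mitigation, shown as an added example that is not part of the CWE entry: the full stack trace goes only to a server-side log, entity-encoded, and the client receives a generic message plus an incident ID. The handler, logger name, in-memory log sink and file path are hypothetical and constructed for the illustration.

```python
import html
import io
import logging
import traceback
import uuid

# Server-side log sink. An in-memory stream stands in for a log file
# that end users cannot read (assumption for this example).
log_stream = io.StringIO()
logger = logging.getLogger("app.errors")
logger.setLevel(logging.ERROR)
logger.propagate = False
logger.addHandler(logging.StreamHandler(log_stream))


def safe_error_response(exc: BaseException) -> dict:
    """Log full detail server-side; return only a generic message."""
    incident_id = uuid.uuid4().hex
    detail = "".join(
        traceback.format_exception(type(exc), exc, exc.__traceback__)
    )
    # Entity-encode before writing, so attacker-influenced text in the
    # exception cannot run as markup in an HTML-based log viewer.
    encoded = html.escape(detail, quote=True)
    logger.error("incident=%s detail=%s", incident_id, encoded)
    # The client sees no paths, versions or stack frames, only an ID
    # that support staff can match to the log record.
    return {"status": 500, "error": "Internal error", "incident": incident_id}


def handle_request(user_input: str) -> dict:
    """Hypothetical request handler that fails on constructed input."""
    try:
        # Constructed failure: the message carries user input and a path.
        raise FileNotFoundError(f"/srv/app/conf/{user_input} not found")
    except Exception as exc:
        return safe_error_response(exc)


if __name__ == "__main__":
    print(handle_request("<script>alert(1)</script>"))
    print(log_stream.getvalue())
```
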
Recent CVEs classified under this CWE
- CVE-2026-44743, 3.7, 2026-06-09
- CVE-2026-49077, 5.3, 2026-06-04
- CVE-2026-44749, 4.3, 2026-05-26
- CVE-2018-25358, 7.5, 2026-05-23
- CVE-2026-27349, 4.3, 2026-05-21
- CVE-2026-0240, 2026-05-13
- CVE-2026-0239, 2026-05-13
- CVE-2026-43654, 7.5, 2026-05-11
- CVE-2026-7864, 2026-05-08
- CVE-2026-41928, 5.3, 2026-05-07
- CVE-2026-42047, 8.6, 2026-05-07
- CVE-2026-25468, 5.3, 2026-05-07
- CVE-2026-42644, 5.3, 2026-04-29
- CVE-2026-24222, 8.6, 2026-04-28
- CVE-2026-41339, 4.3, 2026-04-23
- CVE-2026-41335, 5.3, 2026-04-23
- CVE-2026-41459, 5.3, 2026-04-22
- CVE-2026-34413, 8.6, 2026-04-22
- CVE-2025-15623, 7.5, 2026-04-17
- CVE-2026-39686, 5.3, 2026-04-08