CWE•Base•Draft•20 recent CVEs
CWE-538Insertion of Sensitive Information into Externally-Accessible File or Directory
Description
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
Common consequences
- Confidentiality→Read Files or Directories
Potential mitigations
- Architecture and Design,Operation,System ConfigurationDo not expose file and directory information to the user.
Related CWEs
Recent CVEs classified under this CWE
CVE-2019-257174.32026-06-02CVE-2026-102545.32026-06-01CVE-2026-492988.82026-06-01CVE-2026-271738.72026-05-19CVE-2023-543467.52026-05-05CVE-2026-70715.32026-04-27CVE-2026-61605.32026-04-13CVE-2019-257067.52026-04-12CVE-2026-337055.32026-04-10CVE-2025-526423.32026-03-16CVE-2016-200249.82026-03-16CVE-2026-216728.82026-03-12CVE-2025-120599.82026-02-11CVE-2025-684297.32025-12-17CVE-2025-118915.32025-11-11CVE-2025-314215.82025-04-04CVE-2025-315585.82025-04-03CVE-2025-315505.82025-04-01CVE-2025-226335.82025-02-23CVE-2025-246895.92025-01-27