CWE•Variant•Draft•10 recent CVEs

CWE-614Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Description

The Secure attribute for sensitive cookies in HTTPS sessions is not set.

Common consequences

Confidentiality→Read Application Data
Omitting the secure flag makes it possible for the user agent to send the cookies in plaintext over an HTTP session.

Potential mitigations

Implementation
Always set the secure attribute when the cookie should be sent via HTTPS only.

Related CWEs

CWE-319Cleartext Transmission of Sensitive Information

Recent CVEs classified under this CWE

CVE-2026-465505.42026-06-23 CVE-2026-536612026-06-11 CVE-2026-119563.72026-06-11 CVE-2026-463982026-06-05 CVE-2025-526083.12026-06-04 CVE-2026-410175.92026-06-01 CVE-2026-438282026-05-25 CVE-2026-48204.32026-04-01 CVE-2025-526326.52025-10-10 CVE-2025-80379.12025-07-22