CWE · MITRE source
CWE-201Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Last updated: 20 May 2026 11:03 UTC
NIST 800-53 r5 controls that address this weakness (1)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
SI-20 | Tainting | SI | Embedding taints allows detection when sensitive data is inserted into outbound or sent data streams. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2024-32825 UPD | 3.0 | 7.5 | 0.2580 | 2024-04-24 |
CVE-2024-6586 | 2.8 | 7.3 | 0.2199 | 2024-08-30 |
CVE-2026-24477 | 2.2 | 7.5 | 0.1122 | 2026-01-27 |
CVE-2018-17245 | 2.0 | 9.8 | 0.0032 | 2018-12-20 |
CVE-2020-27127 | 2.0 | 9.9 | 0.0044 | 2020-12-11 |
CVE-2020-27132 | 2.0 | 9.9 | 0.0034 | 2020-12-11 |
CVE-2020-27133 | 2.0 | 9.9 | 0.0044 | 2020-12-11 |
CVE-2020-27134 | 2.0 | 9.9 | 0.0067 | 2020-12-11 |
CVE-2020-26085 | 2.0 | 9.9 | 0.0060 | 2021-01-07 |
CVE-2024-43283 UPD | 2.0 | 5.3 | 0.1560 | 2024-08-26 |
CVE-2025-49408 UPD | 2.0 | 10.0 | 0.0010 | 2025-08-20 |
CVE-2023-48240 | 1.9 | 9.0 | 0.0158 | 2023-11-20 |
CVE-2025-48749 | 1.8 | 9.1 | 0.0041 | 2025-05-28 |
CVE-2026-39912 | 1.8 | 9.1 | 0.0010 | 2026-04-09 |
CVE-2021-26566 | 1.7 | 8.3 | 0.0053 | 2021-02-26 |
CVE-2023-3399 | 1.7 | 8.5 | 0.0003 | 2023-11-06 |
CVE-2025-3529 | 1.7 | 8.2 | 0.0050 | 2025-04-23 |
CVE-2025-62039 | 1.7 | 7.5 | 0.0322 | 2025-11-06 |
CVE-2025-58098 | 1.7 | 8.3 | 0.0002 | 2025-12-05 |
CVE-2026-5483 UPD | 1.7 | 8.5 | 0.0007 | 2026-04-10 |
CVE-2021-23019 | 1.6 | 7.8 | 0.0006 | 2021-06-01 |
CVE-2024-23506 UPD | 1.6 | 7.7 | 0.0028 | 2024-01-27 |
CVE-2024-38787 UPD | 1.6 | 7.5 | 0.0149 | 2024-08-13 |
CVE-2024-8890 | 1.6 | 8.0 | 0.0012 | 2024-09-18 |
CVE-2024-49235 UPD | 1.6 | 7.5 | 0.0084 | 2024-10-17 |