Cyber Resilience

CWE · MITRE source

CWE-909Missing Initialization of Resource

Abstraction: Class · CVEs in our corpus: 102

The product does not initialize a critical resource.

Many resources require initialization before they can be properly used. If a resource is not initialized, it could contain unpredictable or expired data, or it could be initialized to defaults that are invalid. This can have security implications when the resource is expected to have certain properties or values.

Last updated: 04 July 2026 00:28 UTC

NIST 800-53 r5 controls that address this weakness (0)AI

Control Title Family Why it addresses this CWE
No NIST controls proposed yet.

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2022-227047.09.80.01332022-01-06
CVE-2018-146476.07.50.10912018-09-25
CVE-2005-10365.57.80.00382005-05-02
CVE-2018-108115.57.50.07122018-06-19
CVE-2018-10002245.57.50.03792018-08-20
CVE-2019-96395.57.50.08202019-03-09
CVE-2019-38045.57.50.04862019-03-26
CVE-2019-167145.57.50.02702019-09-23
CVE-2019-124085.57.50.03232019-11-08
CVE-2019-124105.57.50.04712019-11-08
CVE-2019-195535.57.50.04132019-12-05
CVE-2020-117415.58.80.00422020-04-14
CVE-2018-212475.57.50.02362020-06-17
CVE-2020-169325.57.80.04472020-10-16
CVE-2020-04385.57.80.00162020-11-10
CVE-2019-250165.58.80.02652021-01-28
CVE-2021-14055.57.50.03162021-04-08
CVE-2021-319195.57.50.01082021-04-30
CVE-2021-233865.57.70.01432021-05-20
CVE-2021-239945.58.80.01762021-06-24
CVE-2021-363865.57.50.02562021-07-30
CVE-2021-299805.58.80.01412021-08-17
CVE-2021-365135.57.50.01812021-10-18
CVE-2019-250545.57.50.00962021-12-27
CVE-2021-399665.57.50.00682022-01-03