CWE-1329— Reliance on Component That is Not Updateable
The product contains a component that cannot be updated or patched in order to remove vulnerabilities or significant bugs.— MITRE CWE catalog
6 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-1329page 1 of 1
- CVE-2021-38398MEDIUMCVSS 6.5EG 6.82021-10-04
The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities.
- CVE-2022-34381CRITICALCVSS 9.1EG 9.12024-02-02
Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this v…
- CVE-2026-21265MEDIUMCVSS 6.4EG 6.42026-01-13
Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality a…
- CVE-2026-41097MEDIUMCVSS 6.7EG 6.72026-05-12
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
- CVE-2026-48573HIGHCVSS 7.9EG 7.92026-06-09
No cwe for this issue in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
- CVE-2026-48576HIGHCVSS 7.9EG 7.92026-06-09
No cwe for this issue in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Map vulnerabilities like CWE-1329 to your infrastructure
EchelonGraph correlates every CVE — across CWE-1329 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →