CWE-212— Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.— MITRE CWE catalog
112 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-212page 3 of 3
- CVE-2026-20928MEDIUMCVSS 4.6EG 4.62026-04-14
Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.
- CVE-2026-27892MEDIUMCVSS 6.5EG 6.52026-05-18
FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC metadata. Any authenticated user who downloa…
- CVE-2026-36178MEDIUMCVSS 4.6EG 4.62026-06-04
The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data.
- CVE-2026-39937HIGHCVSS 8.8EG 8.82026-04-07
Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the `master` branch, and in t…
- CVE-2026-40895HIGHCVSS 7.5EG 7.52026-04-21
follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows a cross-domain redirect (301/302/307/308), follow-redirects o…
- CVE-2026-42186HIGHCVSS 7.5EG 7.52026-05-14
OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affe…
- CVE-2026-42880CRITICALCVSS 9.6EG 9.62026-05-07
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allow…
- CVE-2026-43528MEDIUMCVSS 6.5EG 6.52026-05-05
OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit …
- CVE-2026-43824HIGHCVSS 7.7EG 7.72026-05-02
In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data.
- CVE-2026-45046MEDIUMCVSS 5.5EG 5.52026-05-27
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal w…
- CVE-2026-46657HIGHCVSS 7.1EG 7.12026-06-08
Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a us…
- CVE-2026-54421MEDIUMCVSS 6.8EG 6.82026-06-14
In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information (such as iSCSI credentials). The PATCH outcome is a security issu…
Map vulnerabilities like CWE-212 to your infrastructure
EchelonGraph correlates every CVE — across CWE-212 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →