CWE-326— Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.— MITRE CWE catalog
503 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-326page 10 of 11
- CVE-2024-50550HIGHCVSS 8.1EG 8.12024-10-29
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through <= 6.5.1.
- CVE-2024-52317MEDIUMCVSS 6.5EG 6.52024-11-18
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat:…
- CVE-2024-52318MEDIUMCVSS 6.1EG 6.12024-11-18
Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.
- CVE-2024-54089HIGHCVSS 7.5EG 7.52025-02-11
A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain a weak encryption mechanism based on a hard…
- CVE-2024-5800HIGHCVSS 7.5EG 7.52024-08-12
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication.
- CVE-2024-8455HIGHCVSS 8.1EG 8.12024-09-30
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, …
- CVE-2025-11935HIGHCVSS 7.5EG 7.52025-11-21
With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. This happened when a server responded to…
- CVE-2025-1241MEDIUMCVSS 5.8EG 5.82026-04-21
Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data.
- CVE-2025-12439MEDIUMCVSS 5.5EG 5.52025-11-10
Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security sever…
- CVE-2025-12478CRITICALCVSS 9.8EG 9.82025-10-29
Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
- CVE-2025-20667HIGHCVSS 7.5EG 7.52025-05-05
In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution …
- CVE-2025-22446MEDIUMCVSS 4.6EG 4.62025-05-13
Inadequate encryption strength for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
- CVE-2025-2349LOWCVSS 3.1EG 3.12025-03-16
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulatio…
- CVE-2025-2516CRITICALCVSS 9.5EG 9.52025-03-27
The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not v…
- CVE-2025-27460HIGHCVSS 7.6EG 7.62025-07-03
The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating system to interact with the hard drives, c…
- CVE-2025-27524MEDIUMCVSS 5.3EG 5.32025-05-15
Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-…
- CVE-2025-32874HIGHCVSS 7.5EG 7.42025-07-16
An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A vulnerability exists in the EncryptionUtil class because symmetric encryption is implemented in a deterministic and non-randomized fashion. The method…
- CVE-2025-36106MEDIUMCVSS 6.5EG 6.52025-07-21
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by u…
- CVE-2025-39889HIGHCVSS 8.1EG 5.52025-09-24
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Check encryption key size on incoming connection This is required for passing GAP/SEC/SEM/BI-04-C PTS test case: Security Mode 4 Level 4, Responder -…
- CVE-2025-41743MEDIUMCVSS 4.0EG 4.02025-12-02
Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and inter…
- CVE-2025-43925MEDIUMCVSS 4.6EG 4.62025-06-03
An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data.
- CVE-2025-45764LOWCVSS 3.2EG 7.02025-08-06
jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assig…
- CVE-2025-45765CRITICALCVSS 9.1EG 9.12025-08-07
ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and tho…
- CVE-2025-45769MEDIUMCVSS 6.5EG 6.52025-07-31
php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.…
- CVE-2025-45770HIGHCVSS 7.0EG 7.02025-07-31
jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, …
- CVE-2025-46409HIGHCVSS 7.5EG 7.52025-08-28
Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, a function that requires authentication may be accessed by a remote unauthenticated attac…
- CVE-2025-46626HIGHCVSS 7.3EG 7.32025-05-01
Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service.
- CVE-2025-46833MEDIUMCVSS 4.6EG 4.62025-05-08
Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this t…
- CVE-2025-48823MEDIUMCVSS 5.9EG 5.92025-07-08
Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.
- CVE-2025-4894LOWCVSS 3.7EG 3.72025-05-18
A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to …
- CVE-2025-48960MEDIUMCVSS 5.9EG 5.92025-06-04
Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938.
- CVE-2025-55039MEDIUMCVSS 6.5EG 6.52025-10-15
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.cry…
- CVE-2025-55248MEDIUMCVSS 4.8EG 4.82025-10-14
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
- CVE-2025-63579HIGHCVSS 7.5EG 0.02026-07-09
Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypt…
- CVE-2025-65295HIGHCVSS 8.1EG 8.12025-12-10
Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to…
- CVE-2025-68703HIGHCVSS 7.5EG 7.52026-01-13
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password will have the same derived key. This vulne…
- CVE-2025-7398CRITICALCVSS 9.1EG 9.12025-07-17
Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036.
- CVE-2025-7789LOWCVSS 3.7EG 3.72025-07-18
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Gen…
- CVE-2025-9239LOWCVSS 3.7EG 3.72025-08-20
A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The mani…
- CVE-2025-9513LOWCVSS 3.7EG 3.72025-08-27
A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength…
- CVE-2026-0510LOWCVSS 3.0EG 3.02026-01-13
The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to expl…
- CVE-2026-14868MEDIUMCVSS 5.5EG 5.52026-07-07
The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacke…
- CVE-2026-28377HIGHCVSS 7.5EG 7.52026-03-26
A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to william_go…
- CVE-2026-33361HIGHCVSS 7.5EG 7.52026-05-11
In Meari IoT SDK image handling (libmrplayer.so) as observed in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related white-label apps (<= 1.8.x), baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes w…
- CVE-2026-39349LOWCVSS 2.7EG 2.72026-04-07
OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables …
- CVE-2026-41860HIGHCVSS 8.8EG 8.82026-06-04
CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelper#create_async_endpoint and #send_http_get_request_synchronous hard-code OpenSSL::SSL::VERIFY_NONE, enabling a…
- CVE-2026-44351CRITICALCVSS 9.1EG 9.12026-05-13
fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted …
- CVE-2026-44523CRITICALCVSS 10.0EG 10.02026-05-14
Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets…
- CVE-2026-45787CRITICALCVSS 9.1EG 9.12026-05-28
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for syn…
- CVE-2026-5363HIGHCVSS 8.8EG 8.82026-04-16
Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router…
Map vulnerabilities like CWE-326 to your infrastructure
EchelonGraph correlates every CVE — across CWE-326 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →