CWE-454— External Initialization of Trusted Variables or Data Stores
The product initializes critical internal variables or data stores using inputs that can be modified by untrusted actors.— MITRE CWE catalog
4 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-454page 1 of 1
- CVE-2025-36244HIGHCVSS 7.4EG 7.42025-09-16
IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.
- CVE-2026-26148HIGHCVSS 8.1EG 8.12026-03-10
External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.
- CVE-2026-48980MEDIUMCVSS 6.3EG 6.32026-06-18
pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv() environment variables XRDP_SESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environ…
- CVE-2026-54003CRITICALCVSS 9.1EG 9.12026-06-18
Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites with no configured user accounts that run on publicly accessible servers behind a reverse proxy setting the Forwarded, X-Client-IP, or X-Real-IP …
Map vulnerabilities like CWE-454 to your infrastructure
EchelonGraph correlates every CVE — across CWE-454 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →