CWE-522— Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.— MITRE CWE catalog
1,472 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-522page 29 of 30
- CVE-2026-22574MEDIUMCVSS 4.1EG 4.12026-04-14
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 thro…
- CVE-2026-22576MEDIUMCVSS 4.3EG 4.32026-04-14
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 thro…
- CVE-2026-22911MEDIUMCVSS 5.3EG 5.32026-01-15
Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.
- CVE-2026-23658HIGHCVSS 8.6EG 8.62026-03-19
Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-23742HIGHCVSS 8.8EG 8.82026-01-16
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline…
- CVE-2026-23927MEDIUMCVSS 5.1EG 5.12026-05-06
A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a n…
- CVE-2026-23958CRITICALCVSS 9.8EG 9.82026-01-22
Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s password as the JWT signing secret. This deterministic secret derivation allows an attacker to brute-force th…
- CVE-2026-24845MEDIUMCVSS 6.5EG 6.52026-01-29
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a special…
- CVE-2026-25631MEDIUMCVSS 6.5EG 6.52026-02-06
n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domain…
- CVE-2026-26049MEDIUMCVSS 5.7EG 5.72026-02-20
The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observ…
- CVE-2026-27316LOWCVSS 2.7EG 2.72026-04-14
A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentia…
- CVE-2026-28909MEDIUMCVSS 6.5EG 6.52026-04-30
Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.
- CVE-2026-28961MEDIUMCVSS 4.6EG 4.62026-05-11
This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.5. An attacker with physical access to a locked device may be able to view sensitive user information.
- CVE-2026-30796HIGHCVSS 7.5EG 7.52026-03-05
Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Address book sync, Heartbeat sync loop modules) …
- CVE-2026-32171HIGHCVSS 8.8EG 8.82026-04-14
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
- CVE-2026-32315MEDIUMCVSS 5.5EG 5.52026-06-22
motionEye (mEye) is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions (-rw-r--r--), making it…
- CVE-2026-32913CRITICALCVSS 9.3EG 9.32026-03-23
OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. Attackers can trigger redirects to different origins to intercept…
- CVE-2026-33575HIGHCVSS 7.5EG 7.52026-03-29
OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup codes generated by /pair endpoint and OpenClaw qr command. Attackers with access to leaked setup codes from chat history, logs, or screenshots…
- CVE-2026-34262MEDIUMCVSS 5.0EG 5.02026-04-14
Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer
- CVE-2026-35155HIGHCVSS 7.1EG 7.12026-04-29
Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access.
- CVE-2026-35185HIGHCVSS 7.5EG 7.52026-04-06
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens (user_token), user activity, client …
- CVE-2026-35467HIGHCVSS 7.5EG 7.52026-04-02
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials.
- CVE-2026-39462HIGHCVSS 8.1EG 8.12026-04-24
A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using th…
- CVE-2026-39908MEDIUMCVSS 6.5EG 6.52026-06-08
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attack…
- CVE-2026-39968HIGHCVSS 7.1EG 7.12026-05-22
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 ("Credential Theft via Client-Side Script Execution and API Authorization Bypass") is incomplete. While the builder's getCredentials tRPC endp…
- CVE-2026-40173CRITICALCVSS 9.4EG 9.42026-04-15
Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without …
- CVE-2026-41266HIGHCVSS 7.5EG 7.52026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration w…
- CVE-2026-41345MEDIUMCVSS 5.3EG 5.32026-04-23
OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authorization headers across cross-origin redirects. Attackers can exploit this by crafting malicious cross-origin redirec…
- CVE-2026-41506MEDIUMCVSS 4.7EG 4.72026-05-08
go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This …
- CVE-2026-41715MEDIUMCVSS 6.1EG 6.12026-06-09
In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects…
- CVE-2026-42295MEDIUMCVSS 4.9EG 4.92026-05-09
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials (S3 access keys, se…
- CVE-2026-42367MEDIUMCVSS 6.5EG 6.52026-05-04
A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vuln…
- CVE-2026-42869CRITICALCVSS 10.0EG 10.02026-05-11
SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value in backend/app/auth/utils.py:28 and ships…
- CVE-2026-42951MEDIUMCVSS 5.4EG 5.42026-05-29
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes.
- CVE-2026-4387LOWCVSS 2.0EG 2.02026-05-29
StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users…
- CVE-2026-43992CRITICALCVSS 9.8EG 9.82026-05-12
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit too…
- CVE-2026-44622MEDIUMCVSS 6.5EG 6.52026-06-25
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
- CVE-2026-44938HIGHCVSS 8.8EG 8.82026-07-01
A vulnerability has been identified in Fleet's agent-side deployer, which did not filter security-sensitive keys from namespaceLabels in fleet.yaml (or BundleDeployment.spec.options.namespaceLabels) when applying them to the target namespa…
- CVE-2026-45091CRITICALCVSS 9.1EG 9.12026-05-12
sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload …
- CVE-2026-45407MEDIUMCVSS 5.5EG 5.52026-06-26
Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission set…
- CVE-2026-46440CRITICALCVSS 9.1EG 9.12026-06-08
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue ha…
- CVE-2026-46511HIGHCVSS 8.7EG 8.72026-05-19
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the `/system/api/connectionSettings` endpoint allows an authenticated at…
- CVE-2026-4819MEDIUMCVSS 4.9EG 4.92026-03-31
In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.
- CVE-2026-49379MEDIUMCVSS 6.5EG 6.52026-05-29
In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
- CVE-2026-49949MEDIUMCVSS 5.3EG 5.32026-06-11
CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by issuing cross-origin or HTTP-downgrade redirects to the shared ProviderHTTPClient transport.…
- CVE-2026-50017MEDIUMCVSS 6.5EG 6.52026-06-25
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case, the user's npm config contains a defau…
- CVE-2026-53632MEDIUMCVSS 5.5EG 5.52026-06-15
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attemp…
- CVE-2026-53840HIGHCVSS 7.1EG 7.12026-06-16
OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers controlling or compromising an MCP endpoint…
- CVE-2026-54276MEDIUMCVSS 6.1EG 6.12026-06-15
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulner…
- CVE-2026-54617CRITICALCVSS 9.8EG 9.82026-07-02
LaunchServer FileServerHandler has an unauthenticated path traversal issue ### Summary An unauthenticated path traversal in the LaunchServer HTTP file server (`FileServerHandler`) lets any remote actor read **any file** readable by the La…
Map vulnerabilities like CWE-522 to your infrastructure
EchelonGraph correlates every CVE — across CWE-522 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →