CWE-524— Use of Cache Containing Sensitive Information
The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.— MITRE CWE catalog
54 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-524page 2 of 2
- CVE-2026-53943CRITICALCVSS 9.6EG 9.62026-06-24
Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview hea…
- CVE-2026-59213MEDIUMCVSS 5.0EG 3.52026-07-09
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, get_all_models handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of key_builder, cau…
- CVE-2026-6907MEDIUMCVSS 4.3EG 4.32026-05-05
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). This can lead to private data being store…
- CVE-2026-9678MEDIUMCVSS 5.9EG 5.92026-06-17
Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\ta…
Map vulnerabilities like CWE-524 to your infrastructure
EchelonGraph correlates every CVE — across CWE-524 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →