Cyber Posture

CWE · MITRE source

CWE-204Observable Response Discrepancy

Abstraction: Base · CVEs in our corpus: 149

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (2)AI

Control Title Family Why it addresses this CWE
SC-30Concealment and MisdirectionSCFake or randomized responses remove distinguishable success/failure signals attackers rely on.
SI-11Error HandlingSIEliminates distinguishable response discrepancies in error conditions that could be exploited for reconnaissance.

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2019-190302.45.30.21622022-12-26
CVE-2022-416972.25.30.18552022-12-22
CVE-2025-54851.78.60.00402025-06-12
CVE-2021-345801.57.50.00302021-10-27
CVE-2021-200491.57.50.00332021-12-23
CVE-2025-30921.57.50.00232025-06-24
CVE-2025-463901.57.50.00082025-08-06
CVE-2025-124551.57.50.00052026-03-13
CVE-2026-334191.57.50.00022026-03-24
CVE-2026-41131.47.20.00092026-04-09
CVE-2021-384761.36.50.00152021-10-19
CVE-2022-393151.36.50.00462022-10-25
CVE-2024-247661.36.20.00472024-03-06
CVE-2023-461701.36.50.00052024-03-07
CVE-2024-282321.36.20.00342024-04-01
CVE-2024-392111.35.30.03482024-07-04
CVE-2025-619071.36.50.00042025-10-16
CVE-2025-663071.36.50.00052025-12-01
CVE-2025-678741.36.50.00052025-12-16
CVE-2026-342641.36.50.00052026-04-14
CVE-2024-406271.25.80.00162024-07-15
CVE-2025-98241.25.90.00052025-09-03
CVE-2025-625121.25.30.02362026-02-24
CVE-2016-94991.15.30.00512018-07-13
CVE-2021-391891.15.30.00022021-09-15