CWE-313Cleartext Storage in a File or on Disk

Abstraction: Variant · CVEs in our corpus: 26

The product stores sensitive information in cleartext in a file, or on disk.

The sensitive information could be read by attackers with access to the file, or with physical or administrator access to the raw disk. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (1)AI

Control	Title	Family	Why it addresses this CWE
`SC-28`	Protection of Information at Rest	SC	Mandating protection of files and disk-stored data at rest prevents the specific weakness of cleartext storage on disk or in files.

Top CVEs of this weakness type, ranked by Risk Priority

CVE	Risk	CVSS	EPSS	Published
`CVE-2016-6538`	1.8	8.8	0.0023	2018-07-06
`CVE-2025-5098`	1.8	9.1	0.0012	2025-05-23
`CVE-2016-6546`	1.6	7.8	0.0008	2018-07-13
`CVE-2016-6547`	1.6	7.8	0.0008	2018-07-13
`CVE-2025-4397`	1.4	6.8	0.0002	2026-05-07
`CVE-2024-20448`	1.3	6.3	0.0014	2024-10-02
`CVE-2025-64305`	1.3	6.5	0.0001	2026-01-07
`CVE-2025-36154`	1.2	6.2	0.0001	2025-12-24
`CVE-2019-19291`	1.1	5.3	0.0017	2020-03-10
`CVE-2023-35699`	1.1	5.3	0.0005	2023-07-10
`CVE-2023-4066`	1.1	5.5	0.0004	2023-09-27
`CVE-2024-30406`	1.1	5.5	0.0002	2024-04-12
`CVE-2024-6785`	1.1	5.5	0.0008	2024-09-21
`CVE-2026-5531`	1.1	5.3	0.0002	2026-04-05
`CVE-2024-38280`	0.9	4.6	0.0009	2024-06-13
`CVE-2024-5916`	0.9	4.4	0.0008	2024-08-14
`CVE-2024-49762`	0.9	4.6	0.0004	2024-10-24
`CVE-2026-6598`	0.9	4.3	0.0001	2026-04-20
`CVE-2026-6796`	0.9	4.3	0.0001	2026-04-21
`CVE-2023-0114`	0.7	3.3	0.0006	2023-01-07
`CVE-2023-2863`	0.5	2.3	0.0002	2023-05-24
`CVE-2024-9040`	0.5	2.3	0.0001	2024-09-20
`CVE-2025-5154`	0.5	2.3	0.0005	2025-05-25
`CVE-2025-14836`	0.5	2.7	0.0002	2025-12-17
`CVE-2025-2120`	0.4	2.1	0.0003	2025-03-09