CWE · MITRE source
CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)
The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.
An example of data amplification is a "decompression bomb," a small ZIP file that can produce a large amount of data when it is decompressed.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (1) AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| SC-5 | Denial-of-service Protection | SC | Limits effects of data amplification from compressed or malicious inputs. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2026-27809 | 1.8 | 9.1 | 0.0008 | 2026-02-26 |
| CVE-2022-29225 | 1.5 | 7.5 | 0.0008 | 2022-06-09 |
| CVE-2024-28101 | 1.5 | 7.5 | 0.0029 | 2024-03-21 |
| CVE-2024-3572 | 1.5 | 7.5 | 0.0016 | 2024-04-16 |
| CVE-2024-43499 | 1.5 | 7.5 | 0.0073 | 2024-11-12 |
| CVE-2025-30153 | 1.5 | 7.5 | 0.0012 | 2025-03-19 |
| CVE-2024-12886 | 1.5 | 7.5 | 0.0021 | 2025-03-20 |
| CVE-2024-7765 | 1.5 | 7.5 | 0.0041 | 2025-03-20 |
| CVE-2025-58057 | 1.5 | 7.5 | 0.0006 | 2025-09-04 |
| CVE-2025-62708 | 1.5 | 7.5 | 0.0007 | 2025-10-22 |
| CVE-2025-66471 | 1.5 | 7.5 | 0.0001 | 2025-12-05 |
| CVE-2025-66909 | 1.5 | 7.5 | 0.0058 | 2025-12-19 |
| CVE-2025-69223 | 1.5 | 7.5 | 0.0008 | 2026-01-05 |
| CVE-2026-21441 | 1.5 | 7.5 | 0.0003 | 2026-01-07 |
| CVE-2026-22776 | 1.5 | 7.5 | 0.0008 | 2026-01-12 |
| CVE-2026-22870 | 1.5 | 7.5 | 0.0002 | 2026-01-13 |
| CVE-2026-28435 | 1.5 | 7.5 | 0.0008 | 2026-03-04 |
| CVE-2026-1526 | 1.5 | 7.5 | 0.0002 | 2026-03-12 |
| CVE-2026-40036 | 1.5 | 7.5 | 0.0014 | 2026-04-08 |
| CVE-2025-46730 | 1.4 | 6.8 | 0.0031 | 2025-05-05 |
| CVE-2023-0821 | 1.3 | 6.5 | 0.0045 | 2023-02-16 |
| CVE-2024-54682 | 1.3 | 6.5 | 0.0020 | 2024-12-16 |
| CVE-2025-25186 | 1.3 | 6.5 | 0.0014 | 2025-02-10 |
| CVE-2024-12387 | 1.3 | 6.5 | 0.0047 | 2025-03-20 |
| CVE-2025-32949 | 1.3 | 6.5 | 0.0012 | 2025-04-15 |