CWE · MITRE source
CWE-459Incomplete Cleanup
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (6)AI
Showing the 5 most specific. Generic controls that address many weakness types are collapsed below.
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
SI-12 | Information Management and Retention | SI | Operational retention schedules mandate complete cleanup of temporary or residual sensitive data after use. |
SI-14 | Non-persistence | SI | Termination of the non-persistent artifact guarantees cleanup of temporary state, directly countering incomplete cleanup weaknesses. |
SI-17 | Fail-safe Procedures | SI | Fail-safe procedures can explicitly require cleanup of temporary state, resources, or privileges on failure to avoid leaving the system in an inconsistent state. |
SC-4 | Information in Shared System Resources | SC | Mandates complete sanitization during cleanup so that shared resources (memory, caches, buffers) do not retain data across subjects. |
SR-12 | Component Disposal | SR | Enforces complete cleanup and sanitization steps during disposal, closing gaps that leave data remnants on retired components. |
Show 1 more broadly-applicable controls
SI-21 | Information Refresh | SI | The explicit delete step when information is no longer needed implements the cleanup that this weakness omits. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2021-39327 | 6.5 | 5.3 | 0.9094 | 2021-09-17 |
CVE-2017-17090 | 6.3 | 7.5 | 0.8058 | 2017-12-02 |
CVE-2023-36468 | 2.5 | 9.9 | 0.0924 | 2023-06-29 |
CVE-2025-31650 | 2.1 | 7.5 | 0.0955 | 2025-04-28 |
CVE-2005-1744 | 2.0 | 9.8 | 0.0073 | 2005-05-24 |
CVE-2018-18924 | 2.0 | 8.8 | 0.0338 | 2018-11-04 |
CVE-2020-13451 | 2.0 | 9.8 | 0.0058 | 2021-01-07 |
CVE-2021-32928 | 2.0 | 9.8 | 0.0034 | 2021-06-16 |
CVE-2021-45706 | 2.0 | 9.8 | 0.0042 | 2021-12-27 |
CVE-2021-45330 | 2.0 | 9.8 | 0.0113 | 2022-02-09 |
CVE-2022-45347 | 2.0 | 9.8 | 0.0012 | 2022-12-22 |
CVE-2026-28268 | 2.0 | 9.8 | 0.0004 | 2026-02-27 |
CVE-2022-1552 | 1.9 | 8.8 | 0.0226 | 2022-08-31 |
CVE-2019-18191 | 1.8 | 8.8 | 0.0076 | 2019-12-16 |
CVE-2019-25016 | 1.8 | 8.8 | 0.0102 | 2021-01-28 |
CVE-2020-24489 | 1.8 | 8.8 | 0.0007 | 2021-06-09 |
CVE-2024-28265 | 1.8 | 9.1 | 0.0019 | 2024-11-01 |
CVE-2025-21609 | 1.8 | 9.1 | 0.0037 | 2025-01-03 |
CVE-2017-0303 | 1.6 | 7.5 | 0.0244 | 2017-10-27 |
CVE-2018-18281 | 1.6 | 7.8 | 0.0042 | 2018-10-30 |
CVE-2018-19961 | 1.6 | 7.8 | 0.0018 | 2018-12-08 |
CVE-2020-0183 | 1.6 | 7.8 | 0.0002 | 2020-06-11 |
CVE-2020-5987 | 1.6 | 7.8 | 0.0005 | 2020-10-02 |
CVE-2021-22428 | 1.6 | 8.1 | 0.0020 | 2021-08-02 |
CVE-2022-0646 | 1.6 | 7.8 | 0.0011 | 2022-02-18 |