CWE · MITRE source
CWE-530Exposure of Backup File to an Unauthorized Control Sphere
A backup file is stored in a directory or archive that is made accessible to unauthorized actors.
Often, older backup files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2024-12330 | 1.6 | 7.5 | 0.0101 | 2025-01-09 |
CVE-2020-36899 | 1.5 | 7.5 | 0.0053 | 2025-12-10 |
CVE-2025-3773 | 1.1 | 5.5 | 0.0007 | 2025-06-26 |
CVE-2023-5297 | 0.7 | 3.7 | 0.0007 | 2023-09-29 |
CVE-2024-3124 | 0.5 | 2.4 | 0.0003 | 2024-04-01 |
CVE-2024-3128 | 0.5 | 2.4 | 0.0003 | 2024-04-01 |
CVE-2024-3430 | 0.5 | 2.4 | 0.0003 | 2024-04-07 |
CVE-2026-2974 | 0.5 | 2.5 | 0.0001 | 2026-02-23 |
CVE-2024-2364 | 0.4 | 1.8 | 0.0003 | 2024-03-10 |
CVE-2024-2567 | 0.4 | 1.8 | 0.0003 | 2024-03-17 |