CWE · MITRE source
CWE-540: Inclusion of Sensitive Information in Source Code
Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.
There are situations where it is critical to remove source code from an area or server. For example, obtaining Perl source code on a system allows an attacker to understand the logic of the script and extract extremely useful information such as code bugs or logins and passwords.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (3)
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| IR-9 | Information Spillage Response | IR | Detection and removal of spilled information addresses cases where sensitive data was included in source code. |
| SA-21 | Developer Screening | SA | Screening helps prevent intentional insertion of sensitive information into source code by untrusted developers. |
| SC-38 | Operations Security | SC | Prevents inclusion of sensitive information in source code and development artifacts through SDLC-wide OPSEC controls. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2025-26013 | 1.7 | 8.2 | 0.0026 | 2025-02-21 |
| CVE-2021-28805 | 1.6 | 7.8 | 0.0005 | 2021-06-11 |
| CVE-2023-39250 | 1.6 | 7.8 | 0.0005 | 2023-08-16 |
| CVE-2024-1272 | 1.5 | 7.5 | 0.0017 | 2024-06-05 |
| CVE-2024-38647 | 1.5 | 7.5 | 0.0030 | 2024-11-22 |
| CVE-2025-49182 | 1.5 | 7.5 | 0.0047 | 2025-06-12 |
| CVE-2026-4155 | 1.5 | 7.5 | 0.0038 | 2026-04-11 |
| CVE-2021-34638 | 1.4 | 6.5 | 0.0136 | 2021-08-05 |
| CVE-2024-38327 | 1.4 | 6.8 | 0.0019 | 2025-07-10 |
| CVE-2026-35383 | 1.3 | 6.5 | 0.0005 | 2026-04-02 |
| CVE-2023-23448 | 1.1 | 5.3 | 0.0018 | 2023-05-15 |
| CVE-2023-30802 | 1.1 | 5.3 | 0.0013 | 2023-10-10 |
| CVE-2024-2265 | 1.1 | 5.3 | 0.0010 | 2024-03-07 |
| CVE-2024-35144 | 1.1 | 5.3 | 0.0014 | 2025-01-25 |
| CVE-2025-0923 | 1.1 | 5.3 | 0.0022 | 2025-06-11 |
| CVE-2021-34744 | 1.0 | 4.9 | 0.0030 | 2021-10-06 |
| CVE-2021-34757 | 1.0 | 4.9 | 0.0017 | 2021-10-06 |
| CVE-2021-1516 | 0.9 | 4.3 | 0.0031 | 2021-05-06 |
| CVE-2024-39729 | 0.9 | 4.3 | 0.0008 | 2024-07-15 |
| CVE-2024-27257 | 0.9 | 4.3 | 0.0012 | 2024-09-10 |
| CVE-2025-36299 | 0.9 | 4.3 | 0.0003 | 2025-11-17 |
| CVE-2026-22275 | 0.9 | 4.4 | 0.0001 | 2026-01-23 |
| CVE-2024-2355 | 0.7 | 3.7 | 0.0011 | 2024-03-10 |
| CVE-2024-9596 | 0.7 | 3.7 | 0.0013 | 2024-10-10 |
| CVE-2024-8417 | 0.6 | 3.1 | 0.0013 | 2024-09-04 |