CWE · MITRE source
CWE-656Reliance on Security Through Obscurity
The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.
This reliance on "security through obscurity" can produce resultant weaknesses if an attacker is able to reverse engineer the inner workings of the mechanism. Note that obscurity can be one small part of defense in depth, since it can create more work for an attacker; however, it is a significant risk if used as the primary means of protection.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2026-42363 | 1.9 | 9.3 | 0.0003 | 2026-04-27 |
CVE-2026-7161 | 1.9 | 9.3 | 0.0004 | 2026-05-04 |
CVE-2020-10284 | 1.8 | 9.1 | 0.0046 | 2020-07-15 |
CVE-2020-10286 | 1.8 | 8.8 | 0.0019 | 2020-07-15 |
CVE-2024-9138 | 1.5 | 7.2 | 0.0018 | 2025-01-03 |
CVE-2020-10277 | 1.3 | 6.4 | 0.0006 | 2020-06-24 |
CVE-2024-5244 | 0.8 | 4.2 | 0.0008 | 2024-05-23 |
CVE-2025-25983 | 0.7 | 3.4 | 0.0016 | 2025-04-18 |
CVE-2024-12297 | 0.0 | 0.0 | 0.0017 | 2025-01-15 |
CVE-2025-7020 | 0.0 | 0.0 | 0.0003 | 2025-08-09 |
CVE-2025-59093 | 0.0 | 0.0 | 0.0002 | 2026-01-26 |