Cyber Posture

CWE · MITRE source

CWE-779Logging of Excessive Data

Abstraction: Base · CVEs in our corpus: 18

The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.

While logging is a good practice in general, and very high levels of logging are appropriate for debugging stages of development, too much logging in a production environment might hinder a system administrator's ability to detect anomalous conditions. This can provide cover for an attacker while attempting to penetrate a system, clutter the audit trail for forensic analysis, or make it more difficult to debug problems in a production environment.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (1)AI

Control Title Family Why it addresses this CWE
AU-7Audit Record Reduction and Report GenerationAUAudit record reduction explicitly manages excessive log volumes for review and reporting while preserving original content and ordering, reducing the impact of logging excessive data.

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2024-364164.48.60.44702024-06-10
CVE-2024-360722.39.80.05932024-06-27
CVE-2022-310041.57.50.00152022-06-02
CVE-2024-556281.57.50.00542025-01-06
CVE-2025-86961.57.50.00122025-09-10
CVE-2026-287181.57.50.00102026-03-06
CVE-2021-254201.15.50.00102021-06-11
CVE-2021-254211.15.50.00102021-06-11
CVE-2021-254221.15.50.00102021-06-11
CVE-2021-254231.15.50.00102021-06-11
CVE-2022-222911.15.50.00042022-02-11
CVE-2023-239491.15.40.00712023-01-26
CVE-2024-11411.15.50.00032024-02-01
CVE-2025-536361.15.40.00262025-07-11
CVE-2025-513971.15.40.00512025-07-21
CVE-2025-692301.15.30.00012026-01-06
CVE-2022-257790.94.30.00342022-05-04
CVE-2022-398740.84.00.00062022-10-07