Skip to main content

CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer

64 CVEs Avg CVSS 6.0 MITRE
2
CRITICAL
22
HIGH
32
MEDIUM
8
LOW
10
POC
0
KEV

Monthly

CVE-2026-53604 Go HIGH PATCH GHSA This Week

Sensitive CA key exposure in forgekeep/nebula-mesh (<= 0.3.7) leaves the decrypted ed25519 CA signing key resident on the Go heap after web-UI mobile-bundle requests, because mobilebundle.Build never calls CAManager.Wipe() on any return path. An attacker who can read the process's memory (core dump, swap, or memory scraping) can recover the plaintext CA key and mint arbitrary host certificates for the mesh. There is no public exploit identified at time of analysis, this is not in CISA KEV, and no CVSS or EPSS score was supplied; the vendor 'RCE' tag overstates the direct impact, which is confidential-key disclosure rather than code execution.

RCE
NVD GitHub
CVE-2026-54421 MEDIUM PATCH This Month

Unredacted iSCSI credential disclosure in OpenStack Ironic through 35.0.1 occurs specifically when an authenticated operator issues a PATCH request to update authorized fields in a node's volume properties - the API response returns sensitive data such as iSCSI CHAP usernames and secrets in plaintext. The scope change reflected in the CVSS (S:C) is meaningful: leaked storage credentials extend the blast radius beyond Ironic itself to the underlying iSCSI storage infrastructure. Notably, the same volume properties endpoint does not exhibit this behavior on POST requests, isolating the flaw to the PATCH response serialization path. No public exploit code has been identified and the vulnerability is not listed in CISA KEV.

Information Disclosure Ironic Red Hat Suse
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-46657 HIGH PATCH This Week

Authentication bypass in Bludit CMS versions prior to 3.22.0 allows deactivated user accounts to retain authenticated access through persistent 'Remember Me' cookies, because the disable-account workflow fails to invalidate tokenAuth and tokenRemember values stored in the JSON database. Any user who previously logged in with the persistent session option can continue to act with their original privileges even after an administrator disables them. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Bludit
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-36178 MEDIUM This Month

Factory reset in GNCC GP5 firmware v7.1.76 fails to purge cryptographic material from the JFFS2 configuration partition, leaving sensitive user data recoverable after a reset operation. An attacker with physical access to a reset device - such as a discarded, resold, or stolen unit - can read the raw flash storage and extract retained secrets. No public exploit identified at time of analysis as KEV-confirmed active exploitation, though a publicly available proof-of-concept exists per SSVC data and researcher publication.

Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-45046 Go MEDIUM PATCH GHSA This Month

Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive `file-write` content remains in the stored `payload` as `ContentPreview`, `OldString`, or `NewString` at the default `standard` logging level and at `full`. This leads to logging of potentially sensitive file content in the local sqlite database, violating Gryphs sensitive file filter and log level contracts. Potentially sensitive data accessed or written by coding agents may be logged to local sqlite database. Users of Gryph are affected ONLY if their local sqlite database is stolen or exported to remote system with the assumption that no sensitive data is logged. Fixed in v0.7.0

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-43384 HIGH PATCH This Week

A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fl Mguard 2102 Fl Mguard 2105 Fl Mguard 4102 Pci Fl Mguard 4102 Pcie +32
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-42186 Go LOW PATCH GHSA Monitor

OpenBao namespace deletion fails to properly clean up data and revoke leases when the initial deletion attempt is interrupted, potentially leaving orphaned storage entries and outstanding leases in the system. Subsequent retry attempts to delete the same namespace do not trigger proper cleanup, creating information disclosure and data integrity risks. This affects OpenBao versions prior to v2.5.3, with a vendor-released patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-43528 npm HIGH PATCH GHSA This Week

Authenticated configuration readers in OpenClaw gateway deployments can extract unredacted sensitive credentials through alias field bypass in versions prior to 2026.4.14. Attackers with legitimate config read permissions exploit sourceConfig and runtimeConfig alias fields to obtain provider API keys, gateway authentication tokens, and channel credentials that the redaction mechanism fails to sanitize. The vulnerability affects npm package 'openclaw' in gateway configurations where authenticated clients have config read access, confirmed fixed by vendor in version 2026.4.14 with patch commit 86734ef. CVSS 7.1 reflects network-accessible attack requiring low privileges with high confidentiality impact; no public exploit identified at time of analysis, though technical details published in GHSA-8372-7vhw-cm6q enable reproduction.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-43824 Go HIGH PATCH This Week

Authenticated users with low privileges can read cleartext Kubernetes Secret data through Argo CD's ServerSideDiff feature in versions 3.2.0-3.2.10 and 3.3.0-3.3.8. This scope-changing vulnerability (CVSS:3.1 S:C) allows attackers to access sensitive credential data managed by Kubernetes, including database passwords, API tokens, and certificates, by exploiting the server-side diff functionality. With a 7.7 CVSS score and low attack complexity (AC:L), this represents a significant confidentiality breach requiring only network access and basic authentication-no public exploit identified at time of analysis, but the technical barrier to exploitation is minimal.

Information Disclosure Kubernetes Argo Cd
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-20928 MEDIUM PATCH Exploit Unlikely This Month

Windows Recovery Environment Agent improperly stores sensitive information without adequate removal, allowing physical attackers to extract confidential data and bypass security features. The vulnerability affects Windows 10 versions 1607-22H2, Windows 11 versions 22H3-26H1, Windows Server 2016-2025, and Server Core installations across multiple builds. Microsoft has released vendor patches to remediate the information disclosure.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
4.6
EPSS
0.2%
HIGH PATCH This Week

Sensitive CA key exposure in forgekeep/nebula-mesh (<= 0.3.7) leaves the decrypted ed25519 CA signing key resident on the Go heap after web-UI mobile-bundle requests, because mobilebundle.Build never calls CAManager.Wipe() on any return path. An attacker who can read the process's memory (core dump, swap, or memory scraping) can recover the plaintext CA key and mint arbitrary host certificates for the mesh. There is no public exploit identified at time of analysis, this is not in CISA KEV, and no CVSS or EPSS score was supplied; the vendor 'RCE' tag overstates the direct impact, which is confidential-key disclosure rather than code execution.

RCE
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Unredacted iSCSI credential disclosure in OpenStack Ironic through 35.0.1 occurs specifically when an authenticated operator issues a PATCH request to update authorized fields in a node's volume properties - the API response returns sensitive data such as iSCSI CHAP usernames and secrets in plaintext. The scope change reflected in the CVSS (S:C) is meaningful: leaked storage credentials extend the blast radius beyond Ironic itself to the underlying iSCSI storage infrastructure. Notably, the same volume properties endpoint does not exhibit this behavior on POST requests, isolating the flaw to the PATCH response serialization path. No public exploit code has been identified and the vulnerability is not listed in CISA KEV.

Information Disclosure Ironic Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Authentication bypass in Bludit CMS versions prior to 3.22.0 allows deactivated user accounts to retain authenticated access through persistent 'Remember Me' cookies, because the disable-account workflow fails to invalidate tokenAuth and tokenRemember values stored in the JSON database. Any user who previously logged in with the persistent session option can continue to act with their original privileges even after an administrator disables them. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Bludit
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM This Month

Factory reset in GNCC GP5 firmware v7.1.76 fails to purge cryptographic material from the JFFS2 configuration partition, leaving sensitive user data recoverable after a reset operation. An attacker with physical access to a reset device - such as a discarded, resold, or stolen unit - can read the raw flash storage and extract retained secrets. No public exploit identified at time of analysis as KEV-confirmed active exploitation, though a publicly available proof-of-concept exists per SSVC data and researcher publication.

Information Disclosure N A
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive `file-write` content remains in the stored `payload` as `ContentPreview`, `OldString`, or `NewString` at the default `standard` logging level and at `full`. This leads to logging of potentially sensitive file content in the local sqlite database, violating Gryphs sensitive file filter and log level contracts. Potentially sensitive data accessed or written by coding agents may be logged to local sqlite database. Users of Gryph are affected ONLY if their local sqlite database is stolen or exported to remote system with the assumption that no sensitive data is logged. Fixed in v0.7.0

Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fl Mguard 2102 Fl Mguard 2105 +34
NVD
EPSS 0% CVSS 2.3
LOW PATCH Monitor

OpenBao namespace deletion fails to properly clean up data and revoke leases when the initial deletion attempt is interrupted, potentially leaving orphaned storage entries and outstanding leases in the system. Subsequent retry attempts to delete the same namespace do not trigger proper cleanup, creating information disclosure and data integrity risks. This affects OpenBao versions prior to v2.5.3, with a vendor-released patch available.

Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Authenticated configuration readers in OpenClaw gateway deployments can extract unredacted sensitive credentials through alias field bypass in versions prior to 2026.4.14. Attackers with legitimate config read permissions exploit sourceConfig and runtimeConfig alias fields to obtain provider API keys, gateway authentication tokens, and channel credentials that the redaction mechanism fails to sanitize. The vulnerability affects npm package 'openclaw' in gateway configurations where authenticated clients have config read access, confirmed fixed by vendor in version 2026.4.14 with patch commit 86734ef. CVSS 7.1 reflects network-accessible attack requiring low privileges with high confidentiality impact; no public exploit identified at time of analysis, though technical details published in GHSA-8372-7vhw-cm6q enable reproduction.

Authentication Bypass Openclaw
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Authenticated users with low privileges can read cleartext Kubernetes Secret data through Argo CD's ServerSideDiff feature in versions 3.2.0-3.2.10 and 3.3.0-3.3.8. This scope-changing vulnerability (CVSS:3.1 S:C) allows attackers to access sensitive credential data managed by Kubernetes, including database passwords, API tokens, and certificates, by exploiting the server-side diff functionality. With a 7.7 CVSS score and low attack complexity (AC:L), this represents a significant confidentiality breach requiring only network access and basic authentication-no public exploit identified at time of analysis, but the technical barrier to exploitation is minimal.

Information Disclosure Kubernetes Argo Cd
NVD GitHub VulDB
EPSS 0% CVSS 4.6
MEDIUM PATCH Exploit Unlikely This Month

Windows Recovery Environment Agent improperly stores sensitive information without adequate removal, allowing physical attackers to extract confidential data and bypass security features. The vulnerability affects Windows 10 versions 1607-22H2, Windows 11 versions 22H3-26H1, Windows Server 2016-2025, and Server Core installations across multiple builds. Microsoft has released vendor patches to remediate the information disclosure.

Information Disclosure Microsoft
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy