VYPR

CWE-524

Use of Cache Containing Sensitive Information

BaseIncomplete

Description

The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

Applications may use caches to improve efficiency when communicating with remote entities or performing intensive calculations. A cache maintains a pool of objects, threads, connections, pages, financial data, passwords, or other resources to minimize the time it takes to initialize and access these resources. If the cache is accessible to unauthorized actors, attackers can read the cache and obtain this sensitive information.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-204

CVEs mapped to this weakness (29)

page 1 of 2
  • CVE-2026-48901HigMay 26, 2026
    risk 0.49cvss 7.5epss 0.00

    The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.

  • CVE-2026-47225MedJun 12, 2026
    risk 0.39cvss epss 0.00

    Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both server-side search result caching and Scoped Search API Keys. Under specific request ordering, cached search results could…

  • CVE-2026-9678modJun 17, 2026
    risk 0.38cvss 5.9epss 0.00

    undici: Undici: Information disclosure due to improper cache-control header parsing

  • CVE-2026-50170higJun 15, 2026
    risk 0.38cvss epss 0.00

    A vulnerability was discovered in `@angular/common` when Server-Side Rendering (SSR) and hydration are enabled. The `HttpTransferCache` utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side…

  • CVE-2026-41841MedJun 9, 2026
    risk 0.38cvss 5.9epss 0.00

    Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

  • CVE-2025-9901MedSep 3, 2025
    risk 0.38cvss 5.9epss 0.00

    A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached…

  • CVE-2025-5141MedJun 17, 2025
    risk 0.36cvss 5.5epss 0.00

    A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix #0474 on Linux, AIX, and…

  • CVE-2026-30246MedMay 5, 2026
    risk 0.35cvss 6.5epss 0.00

    Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can…

  • CVE-2025-4233MedJun 12, 2025
    risk 0.33cvss epss 0.00

    An insufficient implementation of cache vulnerability in Palo Alto Networks Prisma® Access Browser enables users to bypass certain data control policies.

  • CVE-2024-0874MedApr 25, 2024
    risk 0.28cvss 5.3epss 0.01

    A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.

  • CVE-2026-32244MedMay 19, 2026
    risk 0.27cvss 5.3epss 0.00

    Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in…

  • CVE-2026-44457MedMay 13, 2026
    risk 0.27cvss 5.3epss 0.00

    Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one…

  • CVE-2026-6907MedMay 5, 2026
    risk 0.21cvss 4.3epss 0.00

    An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). This can lead to private data being stored and served. Earlier, unsupported…

  • CVE-2025-64696LowDec 9, 2025
    risk 0.21cvss 3.3epss 0.00

    Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications.

  • CVE-2026-35193LowJun 3, 2026
    risk 0.20cvss 3.1epss 0.00

    An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not add `Authorization` to the `Vary` response header for requests bearing that header without `Cache-Control: public`, which allows remote…

  • CVE-2026-22741LowApr 29, 2026
    risk 0.20cvss 3.1epss 0.00

    Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: * the application is using Spring MVC or Spring WebFlux * the application is…

  • CVE-2025-43410LowDec 12, 2025
    risk 0.16cvss 2.4epss 0.00

    The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.2. An attacker with physical access may be able to view deleted notes.

  • CVE-2026-50184Jun 15, 2026
    risk 0.00cvss epss 0.00

    An issue in the `@angular/service-worker` package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new `Request` object using an internal…

  • CVE-2026-50169Jun 15, 2026
    risk 0.00cvss epss 0.00

    An issue in the `@angular/service-worker` package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new `Request` object using an internal…

  • CVE-2026-27205Feb 21, 2026
    risk 0.00cvss epss 0.00

    Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs…