CWE-524
Use of Cache Containing Sensitive Information
Description
The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-204
CVEs mapped to this weakness (29)
page 1 of 2| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-48901 | Hig | 0.49 | 7.5 | 0.00 | May 26, 2026 | The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key. | ||
| CVE-2026-47225 | Med | 0.39 | — | 0.00 | Jun 12, 2026 | Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both server-side search result caching and Scoped Search API Keys. Under specific request ordering, cached search results could… | ||
| CVE-2026-9678 | mod | 0.38 | 5.9 | 0.00 | Jun 17, 2026 | undici: Undici: Information disclosure due to improper cache-control header parsing | ||
| CVE-2026-50170 | hig | 0.38 | — | 0.00 | Jun 15, 2026 | A vulnerability was discovered in `@angular/common` when Server-Side Rendering (SSR) and hydration are enabled. The `HttpTransferCache` utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side… | ||
| CVE-2026-41841 | Med | 0.38 | 5.9 | 0.00 | Jun 9, 2026 | Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. | ||
| CVE-2025-9901 | Med | 0.38 | 5.9 | 0.00 | Sep 3, 2025 | A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached… | ||
| CVE-2025-5141 | Med | 0.36 | 5.5 | 0.00 | Jun 17, 2025 | A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix #0474 on Linux, AIX, and… | ||
| CVE-2026-30246 | Med | 0.35 | 6.5 | 0.00 | May 5, 2026 | Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can… | ||
| CVE-2025-4233 | Med | 0.33 | — | 0.00 | Jun 12, 2025 | An insufficient implementation of cache vulnerability in Palo Alto Networks Prisma® Access Browser enables users to bypass certain data control policies. | ||
| CVE-2024-0874 | Med | 0.28 | 5.3 | 0.01 | Apr 25, 2024 | A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching. | ||
| CVE-2026-32244 | Med | 0.27 | 5.3 | 0.00 | May 19, 2026 | Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in… | ||
| CVE-2026-44457 | Med | 0.27 | 5.3 | 0.00 | May 13, 2026 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one… | ||
| CVE-2026-6907 | Med | 0.21 | 4.3 | 0.00 | May 5, 2026 | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). This can lead to private data being stored and served. Earlier, unsupported… | ||
| CVE-2025-64696 | Low | 0.21 | 3.3 | 0.00 | Dec 9, 2025 | Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications. | ||
| CVE-2026-35193 | Low | 0.20 | 3.1 | 0.00 | Jun 3, 2026 | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not add `Authorization` to the `Vary` response header for requests bearing that header without `Cache-Control: public`, which allows remote… | ||
| CVE-2026-22741 | Low | 0.20 | 3.1 | 0.00 | Apr 29, 2026 | Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: * the application is using Spring MVC or Spring WebFlux * the application is… | ||
| CVE-2025-43410 | Low | 0.16 | 2.4 | 0.00 | Dec 12, 2025 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.2. An attacker with physical access may be able to view deleted notes. | ||
| CVE-2026-50184 | 0.00 | — | 0.00 | Jun 15, 2026 | An issue in the `@angular/service-worker` package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new `Request` object using an internal… | |||
| CVE-2026-50169 | 0.00 | — | 0.00 | Jun 15, 2026 | An issue in the `@angular/service-worker` package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new `Request` object using an internal… | |||
| CVE-2026-27205 | 0.00 | — | 0.00 | Feb 21, 2026 | Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs… |
- risk 0.49cvss 7.5epss 0.00
The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.
- risk 0.39cvss —epss 0.00
Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both server-side search result caching and Scoped Search API Keys. Under specific request ordering, cached search results could…
- risk 0.38cvss 5.9epss 0.00
undici: Undici: Information disclosure due to improper cache-control header parsing
- risk 0.38cvss —epss 0.00
A vulnerability was discovered in `@angular/common` when Server-Side Rendering (SSR) and hydration are enabled. The `HttpTransferCache` utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side…
- risk 0.38cvss 5.9epss 0.00
Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
- risk 0.38cvss 5.9epss 0.00
A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached…
- risk 0.36cvss 5.5epss 0.00
A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix #0474 on Linux, AIX, and…
- risk 0.35cvss 6.5epss 0.00
Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can…
- risk 0.33cvss —epss 0.00
An insufficient implementation of cache vulnerability in Palo Alto Networks Prisma® Access Browser enables users to bypass certain data control policies.
- risk 0.28cvss 5.3epss 0.01
A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.
- risk 0.27cvss 5.3epss 0.00
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in…
- risk 0.27cvss 5.3epss 0.00
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one…
- risk 0.21cvss 4.3epss 0.00
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). This can lead to private data being stored and served. Earlier, unsupported…
- risk 0.21cvss 3.3epss 0.00
Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications.
- risk 0.20cvss 3.1epss 0.00
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not add `Authorization` to the `Vary` response header for requests bearing that header without `Cache-Control: public`, which allows remote…
- risk 0.20cvss 3.1epss 0.00
Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: * the application is using Spring MVC or Spring WebFlux * the application is…
- risk 0.16cvss 2.4epss 0.00
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.2. An attacker with physical access may be able to view deleted notes.
- CVE-2026-50184Jun 15, 2026risk 0.00cvss —epss 0.00
An issue in the `@angular/service-worker` package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new `Request` object using an internal…
- CVE-2026-50169Jun 15, 2026risk 0.00cvss —epss 0.00
An issue in the `@angular/service-worker` package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new `Request` object using an internal…
- CVE-2026-27205Feb 21, 2026risk 0.00cvss —epss 0.00
Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs…