
CWE-532 (Information Exposure Through Log Files) — Vulnerability Class, 627 CVEs

627 vulnerabilities are classified as CWE-532 (Information Exposure Through Log Files). Each entry includes an AI-generated Chinese-language analysis.

CWE-532 is an information disclosure weakness: the software writes sensitive data (passwords, API keys and bearer tokens, session identifiers, payment card numbers, personal data) into log files. Logs are almost always less protected than the systems the data came from, so anyone who can read them obtains the secrets without defeating the application's own access controls: through permissive file or share permissions, a log aggregator or support bundle that is shared widely, or a compromised operator account. The CVE list below shows the common routes in practice: credentials embedded in a connection URL copied into task logs, a bearer token printed in a debug message on authentication failure, an LDAP bind password or TLS key password written at INFO level, and HTTP request and response content logged in full. Prevention belongs in the application, not in a post-processing step: decide at design time which fields may be logged, mask or omit sensitive values before the log call, keep debug-level logging out of production configuration, restrict read access to log files and to the pipeline that forwards them, and audit both the logging configuration and the existing log content when a build moves from debug to production. Treating every log sink as a low-trust audience reduces the attack surface and keeps log retention consistent with data protection obligations.

MITRE CWE Description
The product writes sensitive information to a log file.

Common Consequences (1)
Confidentiality: Read Application Data. Logging sensitive user data, full path names, or system information often provides attackers with an additional, less-protected path to acquiring the information.

Mitigations (4)
Architecture and Design, Implementation: Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Distribution: Remove debug log files before deploying the application into production.
Operation: Protect log files against unauthorized read/write.
Implementation: Adjust configurations appropriately when software is transitioned from a debug state to production.
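The following is an added example for this page (not code from the CWE entry or from any product listed below) showing the two practical controls the overview and the Mitigations above call for: masking sensitive values before the log call, and checking existing logs for values that should never have been written. It uses only the Python standard library; the pattern set, the `[REDACTED]` placeholder, the names `redact`, `audit_log`, `demo`, `RedactingFilter` and `SAMPLE_LOG`, and the sample log lines are all constructed for illustration and are assumptions about what a leak looks like in a given environment.

```python
"""Keep secrets out of log files (CWE-532): a redacting logging filter plus an
audit pass over existing log lines.

Added example for this page, not code from the CWE entry or from any product in
the CVE list. The patterns, the placeholder and the sample log lines are
constructed assumptions; tune them to what your stack actually logs.
"""
import io
import logging
import re

# Each pattern captures the secret in a group named "secret" and keeps the
# surrounding context in "prefix" so the redacted line stays readable.
URL_CREDENTIAL = re.compile(
    r"(?P<prefix>\b[a-z][a-z0-9+.\-]*://[^/\s:@]+:)(?P<secret>[^@\s]+)(?=@)", re.I)
BEARER_TOKEN = re.compile(r"(?P<prefix>\bBearer\s+)(?P<secret>[A-Za-z0-9._~+/=\-]{8,})")
KEY_VALUE_SECRET = re.compile(
    r"(?P<prefix>\b(?:password|passwd|pwd|secret|token|api[_-]?key)\s*[=:]\s*)"
    r"(?P<secret>[^\s,;&\"']+)", re.I)
# 13-19 digits with optional space/dash separators; confirmed with a Luhn check
# below so timestamps, ports and order numbers are not masked by accident.
CARD_NUMBER = re.compile(r"(?P<secret>\b(?:\d[ \-]?){12,18}\d\b)")

PLACEHOLDER = "[REDACTED]"


def _luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact(message: str) -> str:
    """Return message with every recognised secret replaced."""
    for pattern in (URL_CREDENTIAL, BEARER_TOKEN, KEY_VALUE_SECRET):
        message = pattern.sub(lambda m: m.group("prefix") + PLACEHOLDER, message)

    def _mask_card(m: re.Match) -> str:
        digits = re.sub(r"[ \-]", "", m.group("secret"))
        if not _luhn_ok(digits):
            return m.group(0)               # not a card number, leave it alone
        return "*" * (len(digits) - 4) + digits[-4:]   # keep the last four only

    return CARD_NUMBER.sub(_mask_card, message)


class RedactingFilter(logging.Filter):
    """Rewrites each record's fully formatted message before the handler emits it.

    Attach it to the handler, not the logger: logger-level filters do not run for
    records propagated from child loggers. Exception text and stack info are not
    covered here and need the same treatment if you log them.
    """

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())   # format first, then mask
        record.args = ()                           # args already folded into msg
        return True


def audit_log(lines):
    """1-based numbers of lines that already contain something redact() would mask.

    A one-off check for existing logs, or for debug logs left behind in a build,
    before they are shipped or shared.
    """
    return [n for n, line in enumerate(lines, 1) if redact(line) != line]


# Constructed sample lines, modelled on the kinds of leaks named in the CVE list
# (LDAP bind password, bearer token on an auth failure). Not real log output.
SAMPLE_LOG = [
    "2026-05-21 10:00:01 INFO ldap: simple bind dn=cn=svc,dc=example password=hunter2",
    "2026-05-21 10:00:02 INFO ldap: bind ok for cn=svc,dc=example",
    "2026-05-21 10:00:03 DEBUG http: auth failed, Authorization: Bearer AbCdEf0123456789",
    "2026-05-21 10:00:04 INFO order 1234567 shipped",
]


def demo() -> list:
    """Log three messages through the filter and return the emitted lines."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(RedactingFilter())
    log = logging.getLogger("cwe532.example")
    log.handlers.clear()
    log.propagate = False
    log.setLevel(logging.DEBUG)
    log.addHandler(handler)
    # Credentials in a connection URL, a token in a debug line, a card number.
    log.info("connecting to %s", "https://svc:s3cr3t@es.internal:9200")
    log.debug("auth failed, header was Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.abc.def")
    log.info("Username: %s, CCN: %s", "alice", "4111 1111 1111 1111")
    return stream.getvalue().splitlines()


if __name__ == "__main__":
    for line in demo():
        print(line)
    print("leaking sample lines:", audit_log(SAMPLE_LOG))
```

Run it directly to see the three masked lines and the audit result for the sample log. The filter sits on the handler rather than the logger because logger-level filters do not see records propagated up from child loggers; a handler-level filter covers everything that sink writes. The card rule applies a Luhn check so that timestamps, order numbers and ports are left alone, and keeps the last four digits, the usual masked form. Exception text and stack traces are not rewritten by this filter; if you log them, run the same redaction over the formatted exception.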
Examples (2)
In the following code snippet, a user's name and credit card number are written to a log file.

    logger.info("Username: " + username + ", CCN: " + ccn);

Bad · Java

This code stores location information about the current user and, when an error occurs, writes the whole user object (including the location just stored) to the device log together with the exception:

    locationClient = new LocationClient(this, this, this);
    locationClient.connect();
    currentUser.setLocation(locationClient.getLastLocation());
    ...
    catch (Exception e) {
        AlertDialog.Builder builder = new AlertDialog.Builder(this);
        builder.setMessage("Sorry, this application has experienced an error.");
        AlertDialog alert = builder.create();
        alert.show();
        // The user object, location included, ends up in the system log.
        Log.e("ExampleActivity", "Caught exception: " + e + " While on User:" + User.toString());
    }

Bad · Java
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-0267 | GlobalProtect App: Information Exposure Vulnerability on macOS | GlobalProtect App | - | - | 2026-06-10
CVE-2026-9735 | Keyfile contents are in MongoDB Server logs | MongoDB Server | 5.5 | Medium | 2026-06-09
CVE-2026-9751 | Sensitive data could be written to mongod.log | MongoDB Server | 5.5 | Medium | 2026-06-09
CVE-2026-45581 | fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode | fabric-chaincode-java | 5.5 | Medium | 2026-06-08
CVE-2026-50205 | Plaintext Log Credential Leakage | Connect M6E 5G Portable WiFi Router | - | - | 2026-06-04
CVE-2026-40619 | Security Center: local privilege escalation vulnerability in some versions | Genetec Security Center | 7.8 | High | 2026-06-02
CVE-2026-49200 | Acer Wave 7 router: Broken Access Control | Wave 7 router | - | - | 2026-05-29
CVE-2026-6720 | Calicoctl leaks cluster credentials to stderr when verbose logging is enabled | Calico | - | - | 2026-05-28
CVE-2026-41185 | ServiceAccount token disclosure via Azure IPAM CNI plugin logs | Calico | - | - | 2026-05-28
CVE-2026-41184 | ServiceAccount token disclosure via install-cni container logs | Calico | - | - | 2026-05-28
CVE-2026-32996 | Veeam Agent for Microsoft Windows security vulnerability | Backup and Replication | - | - | 2026-05-28
CVE-2026-2607 | Multiple vulnerabilities in IBM MQ Operator and Queue manager container images | MQ Operator | 5.1 | Medium | 2026-05-27
CVE-2025-13755 | IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets | Db2 | 5.5 | Medium | 2026-05-26
CVE-2026-25193 | Gallagher Command Centre Service security vulnerability | Command Centre Server | 8.1 | High | 2026-05-25
CVE-2021-21508 | Dell VxRail log information disclosure vulnerability | VxRail | 6.7 | Medium | 2026-05-22
CVE-2026-8671 | Log Files contain encrypted secrets | Avantra | 7.5 | High | 2026-05-22
CVE-2026-44052 | LDAP simple-bind password exposure in log output | Netatalk | 7.5 | High | 2026-05-21
CVE-2026-20239 | Sensitive Information Disclosure through Log Files in Splunk Enterprise | Splunk Enterprise | 7.5 | High | 2026-05-20
CVE-2026-44516 | Valtimo: Sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer | valtimo | 7.6 | High | 2026-05-14
CVE-2026-41219 | BIG-IP QKView vulnerability | BIG-IP | 6.5 | Medium | 2026-05-13
CVE-2026-8200 | Schema validation log messages may not redact user data | MongoDB Server | 2.7 | Low | 2026-05-13
CVE-2026-41018 | Apache Airflow Providers Elasticsearch: Elasticsearch task-log handler leaks credentials embedded in the host URL | Apache Airflow Providers Elasticsearch | - | - | 2026-05-11
CVE-2026-43826 | Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL | Apache Airflow Providers OpenSearch | - | - | 2026-05-11
CVE-2026-42282 | n8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP mode | n8n-mcp | 4.3 | Medium | 2026-05-08
CVE-2026-41495 | n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests | n8n-mcp | 5.3 | Medium | 2026-05-08
CVE-2026-41004 | VMware Spring Cloud Config log information disclosure vulnerability | Spring Cloud Config | 4.4 | Medium | 2026-05-07
CVE-2024-30151 | HCL BigFix Service Management (SM) is susceptible to Broken Access Control Vulnerability | BigFix Service Management (SM) | 8.3 | High | 2026-05-06
CVE-2026-7824 | PaperCut Hive (Ricoh): Plain text password in logs | PaperCut Hive | 6.5 | - | 2026-05-05
CVE-2026-40945 | Oxia: Bearer token exposed in debug log messages on authentication failure | oxia | 7.5 (AI) | High (AI) | 2026-04-21
CVE-2026-23775 | Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability | PowerProtect Data Domain appliances | 7.6 | High | 2026-04-17

A "-" in the CVSS or Severity column means the page lists no value; "(AI)" marks a score the page tags as AI-assessed rather than vendor- or NVD-assigned.

Vulnerabilities classified as CWE-532 (Information Exposure Through Log Files) account for 627 CVEs. The CWE taxonomy describes the weakness; review the individual CVEs for product-specific impact.