CWE-1066: Missing Serialization Control Element
The product contains a serializable data element that does not have an associated serialization method.
CWE-1066 (Missing Serialization Control Element) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
For example, a data element is serializable in .NET when it is marked with the SerializableAttribute attribute, and in Java when its class implements the java.io.Serializable interface.
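The following Java example is added here and is not part of the CWE entry or the MITRE catalog. It contrasts a Serializable class that leaves serialization entirely to the default mechanism (the weakness described above) with one that supplies its own writeObject/readObject methods so that the object's invariants are re-checked when it is rebuilt from a stream. The class names, the SessionToken type and its user/ttlSeconds fields are assumptions made up for illustration; the ObjectInputFilter call is an extra layer available from Java 9 onwards.

```java
import java.io.*;

// Weak form: serializable element with no serialization control methods.
// The constructor enforces "ttlSeconds > 0", but deserialization bypasses the
// constructor, so a stream carrying ttlSeconds == 0 would be accepted silently.
class SessionTokenUnchecked implements Serializable {
    private static final long serialVersionUID = 1L;
    private final String user;
    private final int ttlSeconds;   // invariant: must be positive

    SessionTokenUnchecked(String user, int ttlSeconds) {
        if (ttlSeconds <= 0) throw new IllegalArgumentException("ttl must be positive");
        this.user = user;
        this.ttlSeconds = ttlSeconds;
    }
}

// Hardened form: the same data element with explicit writeObject/readObject.
// readObject re-establishes the invariants after the default field restore and
// rejects the stream with InvalidObjectException if they do not hold.
class SessionToken implements Serializable {
    private static final long serialVersionUID = 1L;
    private final String user;
    private final int ttlSeconds;

    SessionToken(String user, int ttlSeconds) {
        if (user == null || user.isEmpty()) throw new IllegalArgumentException("user required");
        if (ttlSeconds <= 0) throw new IllegalArgumentException("ttl must be positive");
        this.user = user;
        this.ttlSeconds = ttlSeconds;
    }

    int ttlSeconds() { return ttlSeconds; }

    // Serialization control method: keeps the wire format explicit and reviewable.
    private void writeObject(ObjectOutputStream out) throws IOException {
        out.defaultWriteObject();
    }

    // Serialization control method: validates state that the constructor would
    // normally have guaranteed, since the constructor is not run on deserialization.
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        if (user == null || user.isEmpty() || ttlSeconds <= 0) {
            throw new InvalidObjectException("SessionToken invariant violated in stream");
        }
    }
}

public class SerializationControlDemo {
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    static SessionToken deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            // Defence in depth (Java 9+): only the expected class may be restored from this stream.
            ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter("SessionToken;!*"));
            return (SessionToken) ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a well-formed token round-tripped through a byte array.
        SessionToken restored = deserialize(serialize(new SessionToken("alice", 300)));
        System.out.println("restored ttl=" + restored.ttlSeconds());
    }
}
```

The practical check when reviewing code for this weakness is mechanical: for every class that implements Serializable (or is marked SerializableAttribute in .NET), confirm that a serialization method exists and that it re-validates whatever the constructor validates, because deserialization never calls the constructor.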
1 recorded CVE is caused by CWE-1066 (Missing Serialization Control Element). The highest-severity and most recent are shown first. 1 new CWE-1066 CVE has been recorded so far in 2026.
What can happen when CWE-1066 is exploited.
Reduce Reliability
Affects: Other
This issue can prevent the product from running reliably, e.g. by triggering an exception. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.
Typically introduced during these phases of the software lifecycle.
Common questions about CWE-1066.
The product contains a serializable data element that does not have an associated serialization method.
1 recorded CVE is attributed to CWE-1066: CVE-2026-4372.
Exploiting CWE-1066 can lead to: Reduce Reliability.
1 recorded CVE is caused by CWE-1066; it is not currently in CISA's KEV catalog of actively exploited flaws.
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Get alerted the moment a new CWE-1066 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.