CWE-1066: Missing Serialization Control Element
The product contains a serializable data element that does not have an associated serialization method.
Last updated
Overview
CWE-1066 (Missing Serialization Control Element) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Background
As examples, the serializable nature of a data element comes from a serializable SerializableAttribute attribute in .NET and the inheritance from the java.io.Serializable interface in Java.
Real-world CVEs
1 recorded CVEs are caused by CWE-1066 (Missing Serialization Control Element). The highest-severity and most recent are shown first. 1 new CWE-1066 CVE has been recorded so far in 2026.
Common consequences
What can happen when CWE-1066 is exploited.
Reduce Reliability
Affects: Other
This issue can prevent the product from running reliably, e.g. by triggering an exception. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.