CWE-1104: Use of Unmaintained Third Party Components
The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.
Last updated
Overview
CWE-1104 (Use of Unmaintained Third Party Components) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
16 recorded CVEs are caused by CWE-1104 (Use of Unmaintained Third Party Components). The highest-severity and most recent are shown first. 5 new CWE-1104 CVEs have been recorded so far in 2026 (6 in 2025).
- CVE-2025-12104
Incorrect Content-Type Header
Critical · CVSS 10.0 · EPSS 29th2025-10-23 - CVE-2023-7102
Remote Code Execution (RCE) Vulnerability
Critical · CVSS 9.8 · EPSS 99th2023-12-24 - CVE-2026-41468
Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Template Injection
Critical · CVSS 9.3 · EPSS 31th2026-04-22