CWE-1188: Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
Last updated
Overview
CWE-1188 (Initialization of a Resource with an Insecure Default) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
149 recorded CVEs are caused by CWE-1188 (Initialization of a Resource with an Insecure Default), including 4 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 53 new CWE-1188 CVEs have been recorded so far in 2026 (40 in 2025).