CWE-1242: Inclusion of Undocumented Features or Chicken Bits
The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.
Last updated
Overview
A common design practice is to use undocumented bits on a device that can be used to disable certain functional security features. These bits are commonly referred to as "chicken bits". They can facilitate quick identification and isolation of faulty components, features that negatively affect performance, or features that do not provide the required controllability for debug and test. Another way to achieve this is through implementation of undocumented features.
Real-world CVEs
13 recorded CVEs are caused by CWE-1242 (Inclusion of Undocumented Features or Chicken Bits). The highest-severity and most recent are shown first. 4 new CWE-1242 CVEs have been recorded so far in 2026 (5 in 2025).