CWE-127: Buffer Under-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.
Last updated
Overview
CWE-127 (Buffer Under-read) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
8 recorded CVEs are caused by CWE-127 (Buffer Under-read). The highest-severity and most recent are shown first. 2 new CWE-127 CVEs have been recorded so far in 2026 (3 in 2025).