- What is CWE-215?
- The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.
- What CVEs are caused by CWE-215?
- 14 recorded CVEs are attributed to CWE-215, including CVE-2026-40173, CVE-2019-3781, CVE-2018-1191.
- Is CWE-215 part of the OWASP Top 10?
- CWE-215 maps to OWASP Top Ten 2007: Information Leakage and Improper Error Handling (A6) in the OWASP security taxonomy.
- How do you prevent CWE-215?
- Do not leave debug statements that could be executed in the source code. Ensure that all debug information is eradicated before releasing the software.
- How is CWE-215 detected?
- Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
- What are the consequences of CWE-215?
- Exploiting CWE-215 can lead to: Read Application Data.
- Is CWE-215 actively exploited?
- 14 recorded CVEs are caused by CWE-215; none are currently in CISA's KEV catalog of actively exploited flaws.