CWE-313: Cleartext Storage in a File or on Disk
The product stores sensitive information in cleartext in a file, or on disk.
Last updated
Overview
The sensitive information could be read by attackers with access to the file, or with physical or administrator access to the raw disk. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Real-world CVEs
28 recorded CVEs are caused by CWE-313 (Cleartext Storage in a File or on Disk). The highest-severity and most recent are shown first. 7 new CWE-313 CVEs have been recorded so far in 2026 (5 in 2025).
- CVE-2016-6538High · CVSS 8.8 · EPSS 61th2018-07-06
- CVE-2024-20448High · CVSS 8.6 · EPSS 2th2024-10-02
- CVE-2026-52783
OpenProject: Information Disclosure (cleartext storage of data) on localhost through memcached via Others "storage. .httpx_access_token" leads to Sensitive Data Exposure
High · CVSS 8.2 · EPSS 3th2026-06-26