The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

What CVEs are caused by CWE-319?

459 recorded CVEs are attributed to CWE-319, including CVE-2025-47419, CVE-2015-0987, CVE-2026-48902.

How do you prevent CWE-319?

Before transmitting, encrypt the data using reliable, confidentiality-protecting cryptographic protocols.

How is CWE-319 detected?

Black Box: Use monitoring tools that examine the software's process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.

What are the consequences of CWE-319?

Exploiting CWE-319 can lead to: Read Application Data, Modify Files or Directories, Other.

Is CWE-319 actively exploited?

459 recorded CVEs are caused by CWE-319; none are currently in CISA's KEV catalog of actively exploited flaws.

CWE-319: Cleartext Transmission of Sensitive Information

Real-world CVEs

459 recorded CVEs are caused by CWE-319 (Cleartext Transmission of Sensitive Information). The highest-severity and most recent are shown first. 77 new CWE-319 CVEs have been recorded so far in 2026 (104 in 2025).

Showing 12 of 459 recorded CWE-319 CVEs. Track new ones as they are published and get AI-written analysis and fixes.

Monitor CWE-319 vulnerabilities

CWE-319: Cleartext Transmission of Sensitive Information

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following code attempts to establish a connection to a site to communicate sensitive information.

Vulnerable example

java

try {

Though a connection is successfully made, the connection is unencrypted and it is possible that all sensitive data sent to or received from the server will be read by unintended actors.

In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these products were often used in industries such as power, electrical, water, and others, there could even be safety implications.

Multiple vendors used cleartext transmission of sensitive information in their OT products.

A TAP accessible register is read/written by a JTAG based tool, for internal use by authorized users. However, an adversary can connect a probing device and collect the values from the unencrypted channel connecting the JTAG interface to the authorized user, if no additional protections are employed.

The following Azure CLI command lists the properties of a particular storage account:

Example

bash

az storage account show -g {ResourceGroupName} -n {StorageAccountName}

Vulnerable example

json

Safe example

bash

az storage account update -g {ResourceGroupName} -n {StorageAccountName} --https-only true

Safe example

json

Real-world CVEs

CWE-319: Cleartext Transmission of Sensitive Information

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Black Box

Automated Static Analysis

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-319?

What CVEs are caused by CWE-319?

How do you prevent CWE-319?

How is CWE-319 detected?

What are the consequences of CWE-319?

Is CWE-319 actively exploited?

References

Stay ahead of CWE-319

Real-world CVEs

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Black Box

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Related

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-319?

What CVEs are caused by CWE-319?

How do you prevent CWE-319?

How is CWE-319 detected?

What are the consequences of CWE-319?

Is CWE-319 actively exploited?

References

Stay ahead of CWE-319