CWE-340: Generation of Predictable Numbers or Identifiers
The product uses a scheme that generates numbers or identifiers that are more predictable than required.
Overview
CWE-340 (Generation of Predictable Numbers or Identifiers) is a class-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
31 recorded CVEs are caused by CWE-340 (Generation of Predictable Numbers or Identifiers). The highest-severity and most recent are shown first. 12 new CWE-340 CVEs have been recorded so far in 2026 (13 in 2025).
- CVE-2025-40926
  Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely
  Critical · CVSS 9.8 · EPSS 23rd · 2026-03-05
- CVE-2026-5081
  Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure
  Critical · CVSS 9.1 · EPSS 14th · 2026-05-06
- CVE-2025-40931
  Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id