The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

What CVEs are caused by CWE-401?

563 recorded CVEs are attributed to CWE-401, including CVE-2023-26083, CVE-2024-25450, CVE-2023-33718. 1 are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

Is CWE-401 part of the OWASP Top 10?

CWE-401 maps to OWASP Top Ten 2004: Denial of Service (A9) in the OWASP security taxonomy.

How do you prevent CWE-401?

Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.

How is CWE-401 detected?

Fuzzing: Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.

What are the consequences of CWE-401?

Exploiting CWE-401 can lead to: DoS: Crash, Exit, or Restart, DoS: Instability, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), Reduce Performance.

Is CWE-401 actively exploited?

Yes. 1 CWE-401 vulnerabilities are in CISA's KEV catalog of actively exploited flaws, out of 563 recorded CVEs.

CWE-401: Missing Release of Memory after Effective Lifetime (Memory Leak)

Real-world CVEs

563 recorded CVEs are caused by CWE-401 (Missing Release of Memory after Effective Lifetime), including 1 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 49 new CWE-401 CVEs have been recorded so far in 2026 (268 in 2025).

CVE-2023-26083
CISA KEV
Medium · CVSS 4.8 · EPSS 69th
2023-04-06
CVE-2024-25450
High · CVSS 8.8 · EPSS 47th
2024-02-09
CVE-2023-33718
High · CVSS 8.8 · EPSS 49th
2023-05-31
CVE-2026-0646
Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities
High · CVSS 8.7
2026-06-16
CVE-2026-48059
Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion
High · CVSS 8.7 · EPSS 44th
2026-06-12
CVE-2026-48006
Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator
High · CVSS 8.7 · EPSS 44th
2026-06-12
CVE-2026-44660
UltraJSON: Memory Leak in ujson.dump() on Write Failure
High · CVSS 8.7 · EPSS 29th
2026-05-27
CVE-2026-33782
Junos OS: MX Series: In specific DHCPv6 scenarios jdhcpd memory increases continuously with subscriber logouts
High · CVSS 8.7 · EPSS 20th
2026-04-09
CVE-2026-3650
Grassroots DICOM Missing release of memory after effective lifetime
High · CVSS 8.7 · EPSS 27th
2026-03-26
CVE-2025-14027
Rockwell Automation Recommends Upgrading From 1756-RM2 XT To 1756-RM3 XT
High · CVSS 8.7 · EPSS 27th
2026-01-20
CVE-2025-61974
BIG-IP SSL/TLS vulnerability
High · CVSS 8.7 · EPSS 33th
2025-10-15
CVE-2025-30658
Junos OS: SRX Series: On devices with Anti-Virus enabled, malicious server responses will cause memory to leak ultimately causing forwarding to stop
High · CVSS 8.7 · EPSS 26th
2025-04-09

Showing 12 of 563 recorded CWE-401 CVEs. Track new ones as they are published and get AI-written analysis and fixes.

Monitor CWE-401 vulnerabilities

CWE-401: Missing Release of Memory after Effective Lifetime (Memory Leak)

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:

Vulnerable example

char* getBlock(int fd) {

Real-world CVEs

CWE-401: Missing Release of Memory after Effective Lifetime

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Fuzzing

Automated Dynamic Analysis

Automated Static Analysis

Code examples

Illustrative examples

Terminology & mappings

Alternate terms

Mapped taxonomies

Frequently asked questions

What is CWE-401?

What CVEs are caused by CWE-401?

Is CWE-401 part of the OWASP Top 10?

How do you prevent CWE-401?

How is CWE-401 detected?

What are the consequences of CWE-401?

Is CWE-401 actively exploited?

References

Stay ahead of CWE-401

Real-world CVEs

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Fuzzing

Automated Dynamic Analysis

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Related

Terminology & mappings

Alternate terms

Mapped taxonomies

Frequently asked questions

What is CWE-401?

What CVEs are caused by CWE-401?

Is CWE-401 part of the OWASP Top 10?

How do you prevent CWE-401?

How is CWE-401 detected?

What are the consequences of CWE-401?

Is CWE-401 actively exploited?

References

Stay ahead of CWE-401