CWE-550: Server-generated Error Message Containing Sensitive Information

Certain conditions, such as network failure, will cause a server error message to be displayed.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

While error messages in and of themselves are not dangerous, per se, it is what an attacker can glean from them that might cause eventual problems.

Real-world CVEs

4 recorded CVEs are caused by CWE-550 (Server-generated Error Message Containing Sensitive Information). The highest-severity and most recent are shown first. 1 new CWE-550 CVE has been recorded so far in 2026 (1 in 2025).

CWE-550: Server-generated Error Message Containing Sensitive Information

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Frequently asked questions

What is CWE-550?

What CVEs are caused by CWE-550?

How do you prevent CWE-550?

What are the consequences of CWE-550?

Is CWE-550 actively exploited?

References

Stay ahead of CWE-550

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Related weaknesses

Parent

Frequently asked questions

What is CWE-550?

What CVEs are caused by CWE-550?

How do you prevent CWE-550?

What are the consequences of CWE-550?

Is CWE-550 actively exploited?

References

Stay ahead of CWE-550