Variant weakness
Log in
The product uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.
Last updated
Padding schemes are often used with cryptographic algorithms to make the plaintext less predictable and complicate attack efforts. The OAEP scheme is often used with RSA to nullify the impact of predictable common text.
3 recorded CVEs are caused by CWE-780 (Use of RSA Algorithm without OAEP). The highest-severity and most recent are shown first. 0 new CWE-780 CVEs have been recorded so far in 2026 (2 in 2025).
What can happen when CWE-780 is exploited.
Bypass Protection Mechanism
Affects: Access Control
Without OAEP in RSA encryption, it will take less work for an attacker to decrypt the data or to infer patterns from the ciphertext.
Typically introduced during these phases of the software lifecycle.
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Effectiveness: High
Illustrative examples from MITRE showing how the weakness appears in code.
The example below attempts to build an RSA cipher.
Vulnerable example
public Cipher getRSACipher() {Safe example
public Cipher getRSACipher() {While the previous code successfully creates an RSA cipher, the cipher does not use padding. The following code creates an RSA cipher using OAEP.
Common questions about CWE-780.
The product uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.
3 recorded CVEs are attributed to CWE-780, including CVE-2022-40722, CVE-2024-51456, CVE-2025-9071.
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Exploiting CWE-780 can lead to: Bypass Protection Mechanism.
3 recorded CVEs are caused by CWE-780; none are currently in CISA's KEV catalog of actively exploited flaws.
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Get alerted the moment a new CWE-780 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.