CWE-909: Missing Initialization of Resource
The product does not initialize a critical resource.
Last updated
Overview
Many resources require initialization before they can be properly used. If a resource is not initialized, it could contain unpredictable or expired data, or it could be initialized to defaults that are invalid. This can have security implications when the resource is expected to have certain properties or values.
Real-world CVEs
14 recorded CVEs are caused by CWE-909 (Missing Initialization of Resource). The highest-severity and most recent are shown first. 1 new CWE-909 CVE has been recorded so far in 2026 (4 in 2025).