Description
The product uses an environment variable to store unencrypted sensitive information.
Extended Description
Information stored in an environment variable can be accessible by other processes with the execution context, including child processes that dependencies are executed in, or serverless functions in cloud environments. An environment variable's contents can also be inserted into messages, headers, log files, or other outputs. Often these other dependencies have no need to use the environment variable in question. A weakness that discloses environment variables could expose this information.
CVE vulnerabilities with CWE-526 (18)
7.7
CVSS
HIGH
CVE-2026-45370
pub. 2026-05-14
7.7
CVSS
HIGH
CVE-2023-5720
pub. 2023-11-15
7.5
CVSS
HIGH
CVE-2025-28381
pub. 2025-06-13
7.4
CVSS
HIGH
CVE-2026-40153
pub. 2026-04-09
7.0
CVSS
HIGH
CVE-2024-2700
pub. 2024-04-04
6.8
CVSS
MEDIUM
CVE-2023-43029
pub. 2025-03-21
6.8
CVSS
MEDIUM
CVE-2024-4369
pub. 2024-05-01
6.5
CVSS
MEDIUM
CVE-2025-36017
pub. 2025-12-08
6.5
CVSS
MEDIUM
CVE-2024-12604
pub. 2025-03-10
5.5
CVSS
MEDIUM
CVE-2025-0985
pub. 2025-02-28
5.3
CVSS
MEDIUM
CVE-2025-27899
pub. 2026-02-17
5.0
CVSS
MEDIUM
CVE-2014-2377
pub. 2014-09-15
4.9
CVSS
MEDIUM
CVE-2025-9162
pub. 2025-08-21
4.9
CVSS
MEDIUM
CVE-2024-11736
pub. 2025-01-14
4.4
CVSS
MEDIUM
CVE-2025-36105
pub. 2026-03-10
4.3
CVSS
MEDIUM
CVE-2026-49377
pub. 2026-05-29
3.3
CVSS
LOW
CVE-2023-47615
pub. 2023-11-09
3.1
CVSS
LOW
CVE-2023-35931
pub. 2023-06-23