Base · Incomplete

CWE-1104: Use of Unmaintained Third Party Components

Category: other

Description

The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.

Common consequences · 1

  • Other — Reduce Maintainability, Varies by Context
    Relying on unmaintained components makes it difficult or impossible to fix significant bugs and vulnerabilities, can render code obsolete, and undermines security by complicating maintenance and increasing the risk of new vulnerabilities.

References

  1. https://cwe.mitre.org/data/definitions/1104.html

Compliance frameworks addressing this (incoming) · 3

Type               Target           Confidence  Tier
ComplianceControl  cra-annexi-3     100%        live
ComplianceControl  owasp_top10-a06  100%        live
ComplianceControl  dora-art28       100%        live

(incoming) · 8

Type           Target                           Confidence  Tier
Vulnerability  CVE-2025-10220 (cve-2025-10220)  0%          live
Vulnerability  CVE-2025-12104 (cve-2025-12104)  0%          live
Vulnerability  CVE-2025-34192 (cve-2025-34192)  0%          live
Vulnerability  CVE-2025-34193 (cve-2025-34193)  0%          live
Vulnerability  CVE-2025-3497 (cve-2025-3497)    0%          live
Vulnerability  CVE-2025-40906 (cve-2025-40906)  0%          live
Vulnerability  CVE-2026-21821 (cve-2026-21821)  0%          live
Vulnerability  CVE-2026-41468 (cve-2026-41468)  0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Dependency on Vulnerable Third-Party Component
  • CWE: Use of Platform-Dependent Third Party Components
  • CWE: Reliance on Insufficiently Trustworthy Component
  • CWE: Reliance on Component That is Not Updateable
  • CWE: Use of Prohibited Code
  • CWE: Singleton Class Instance Creation without Proper Locking or Synchronization

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.