Base · Draft

CWE-215: Insertion of Sensitive Information Into Debugging Code

Category: data-exposure

Description

The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production. When debugging, it may be necessary to report detailed information to the programmer. However, if the debugging code is not disabled when the product is operating in a production environment, then this sensitive information may be exposed to attackers.

Common consequences · 1

  • Confidentiality — Read Application Data

Potential mitigations · 2

  • [Implementation] Do not leave debug statements that could be executed in the source code. Ensure that all debug information is eradicated before releasing the software.
  • [Architecture and Design]

References

  1. https://cwe.mitre.org/data/definitions/215.html

Compliance frameworks addressing this (incoming) · 2

Type               Target                 Confidence  Tier
ComplianceControl  owasp_api_top10-api09  100%        live
ComplianceControl  owasp_top10-a05        100%        live

(incoming) · 1

Type           Target                           Confidence  Tier
Vulnerability  CVE-2026-40173 (cve-2026-40173)  0%          live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Debug Messages Revealing Unnecessary Information
  • CWE: Insertion of Sensitive Information into Log File
  • CWE: Generation of Error Message Containing Sensitive Information
  • CWE: Insertion of Sensitive Information into Externally-Accessible File or Directory
  • CWE: Internal Asset Exposed to Unsafe Debug Access Level or State
  • CWE: Insecure Storage of Sensitive Information
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.