CWE-1188
Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
288 vulnerabilities with CWE-1188
CVE-2026-43527
HIGH
OpenClaw < 2026.4.14 - Server-Side Request Forgery via Private Network Navigation
CVSS 7.7
CVE-2026-39920
CRITICAL
BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE
CVSS 9.8
CVE-2026-6043
HIGH
Insecure Default Configuration in P4 Server
CVE-2026-41679
CRITICAL
Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass
CVSS 10.0
CVE-2026-32965
HIGH
SD-330AC Ver.1.42 - Insecure Default
CVSS 7.5
CVE-2026-28205
CRITICAL
Initialization of a resource with an insecure default in OpenPLC_V3
CVSS 9.8
CVE-2026-34780
HIGH
Electron: Context Isolation bypass via contextBridge VideoFrame transfer
CVSS 8.3
CVE-2026-31818
CRITICAL
Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist
CVSS 9.6
CVE-2026-34742
HIGH
Model Context Protocol Go SDK: DNS Rebinding Protection Disabled by Default for Servers Running on Localhost
CVSS 8.1
CVE-2026-24148
HIGH
NVIDIA Jetson Xavier Series and Jetson Orin Series < 35.6.4 - Insecure Default Resource Initialization
CVSS 8.3
CVE-2026-32046
MEDIUM
OpenClaw < 2026.2.21 - OS-level Sandbox Bypass via --no-sandbox Flag
CVSS 5.3
CVE-2026-32305
MEDIUM
Traefik mTLS bypass via fragmented ClientHello SNI extraction failure
CVSS 5.3
CVE-2026-33072
HIGH
FileRise: Default Encryption Key Enables Token Forgery and Config Decryption
CVSS 8.2
CVE-2026-33037
HIGH
WWBN AVideo has predictable default admin credentials in official Docker deployment path
CVSS 8.1
CVE-2026-32617
HIGH
AnythingLLM <= 1.11.1 - Unauthenticated Cross-Origin Resource Sharing Misconfiguration
CVSS 7.1
CVE-2026-31957
CRITICAL
Himmelblau 3.0.0-3.1.0 - Auth Bypass
CVSS 10.0
CVE-2026-26122
MEDIUM
Microsoft ACI Confidential Containers - Info Disclosure
CVSS 6.5
CVE-2026-28775
CRITICAL
IDC SFX Series SuperFlex SatelliteReceiver - Default SNMP Community Root Command Execution
CVSS 9.8
CVE-2026-2617
MEDIUM
Beetel 777VR1 <=01.00.09 - Insecure Default
CVSS 6.3
CVE-2026-25894
CRITICAL
FUXA <1.2.9 - Remote Code Execution
CVSS 9.8
CVE-2026-1675
MEDIUM
WordPress Advanced Country Blocker <2.3.1 - Auth Bypass
CVSS 5.3
CVE-2026-25499
HIGH
bpg terraform-provider-proxmox < 0.93.1 - Path Traversal via SSH Sudoer Configuration
CVSS 7.5
CVE-2025-31974
LOW
HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only
CVSS 3.9
CVE-2025-70998
CRITICAL
UTT HiPER 810 v1.5.0-140603 - Auth Bypass
CVSS 9.8
CVE-2025-69970
CRITICAL
FUXA - Insecure Default Configuration with Authentication Disabled
CVSS 9.3