CWE-1066 – Missing Serialization Control Element | Common Weakness Enumeration (CWE)

Overview

CWE-1066 (Missing Serialization Control Element) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact: Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product contains a serializable data element that does not have an associated serialization method.

Background details

Extended context from the CWE catalog (rendered from MITRE XHTML).

As examples, the serializable nature of a data element comes from a serializable SerializableAttribute attribute in .NET and the inheritance from the java.io.Serializable interface in Java.

Applicable platforms

Kind	Name	Class	Prevalence	OS / CPE
language	—	Not Language-Specific	Undetermined	—

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE	Published	Summary
CVE-2026-4372	2026-05-24	A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious `config.…

Content submission

Name: CWE Content Team
Organization: MITRE
Date: 2018-07-02
Version: 3.2
Comment: Entry derived from Common Quality Enumeration (CQE) Draft 0.9.

Content modifications

Date	Name	Version	Importance	Comment
2020-02-24	CWE Content Team	4.0	—	updated Description
2020-08-20	CWE Content Team	4.2	—	updated Relationships
2023-01-31	CWE Content Team	4.10	—	updated Description
2023-04-27	CWE Content Team	4.11	—	updated Relationships
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes
2024-02-29	CWE Content Team	4.14	—	updated Mapping_Notes
2025-12-11	CWE Content Team	4.19	—	updated Applicable_Platforms, Background_Details, Common_Consequences, Description, Time_of_Introduction