CWE-1329 – Reliance on Component That is Not Updateable | Common Weakness Enumeration (CWE)

Overview

CWE-1329 (Reliance on Component That is Not Updateable) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact: Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product contains a component that cannot be updated or patched in order to remove vulnerabilities or significant bugs.

Applicable platforms

Kind	Name	Class	Prevalence	OS / CPE
language	—	Not Language-Specific	Undetermined	—
operating_system	—	Not OS-Specific	Undetermined	—
architecture	—	Not Architecture-Specific	Undetermined	—
technology	—	Not Technology-Specific	Undetermined	—
technology	—	ICS/OT	Undetermined	—

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE	Published	Summary
CVE-2026-48576	2026-06-09	Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48573	2026-06-09	Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-41097	2026-05-12	Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-21265	2026-01-13	Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them …
CVE-2022-34381	2024-02-02	Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote at…
CVE-2021-38398	2021-10-04	The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities.…

Content submission

Name: CWE Content Team
Organization: MITRE
Date: 2020-12-03
Version: 4.3

Content modifications

Date	Name	Version	Importance	Comment
2021-07-20	CWE Content Team	4.5	—	updated Demonstrative_Examples, Description, References
2022-04-28	CWE Content Team	4.7	—	updated Common_Consequences, Description, Detection_Factors, Maintenance_Notes, Modes_of_Introduction, Observed_Examples, Potential_Mitigations, References, Relationships, Time_of_Introduction, Weakness_Ordinalities
2023-01-31	CWE Content Team	4.10	—	updated Applicable_Platforms, Relationships
2023-04-27	CWE Content Team	4.11	—	updated Relationships
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes
2024-02-29	CWE Content Team	4.14	—	updated Demonstrative_Examples, References
2025-04-03	CWE Content Team	4.17	—	updated Relationships
2025-12-11	CWE Content Team	4.19	—	updated Relationships
2026-04-30	CWE Content Team	4.20	—	updated Observed_Examples

Contributions

Type	Name	Date	Comment
Content	Chen Chen, Rahul Kande, Jeyavijayan Rajendran	2023-06-21	suggested demonstrative example
Content	Shaza Zeitouni, Mohamadreza Rostami, Ahmad-Reza Sadeghi	2023-06-21	suggested demonstrative example