CWE-327 684 個 CVE MITRE 定義 ↗

CWE-327:Use of a Broken or Risky Cryptographic Algorithm

概覽

CWE-327(Use of a Broken or Risky Cryptographic Algorithm)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product uses a broken or risky cryptographic algorithm or protocol.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
language Verilog Undetermined
language VHDL Undetermined
technology Not Technology-Specific Undetermined
technology ICS/OT Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-56454 2026-07-16 HCL DFXAnalytics is affected by a Deprecated Protocol vulnerability due to the use of TLS 1.0 and TLS 1.1. These legacy protocols contain numerous cryptographic design flaws that expose data to interc…
CVE-2026-15605 2026-07-13 A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactManifestEntry.download in the library wandb/sdk/lib/hashutil.py of the component Artifact Integrity Va…
CVE-2026-54780 2026-07-08 CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMe…
CVE-2026-14742 2026-07-05 A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function _freeze of the file libs/langgraph/langgraph/_internal/_cache.py of the component Task Result…
CVE-2026-14738 2026-07-05 A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function _image_cache_key of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. T…
CVE-2026-14630 2026-07-04 A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function get_conversation_history of the file 08_agentic_system/memory/langchain/code/s…
CVE-2026-57997 2026-06-29 Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS25…
CVE-2026-13510 2026-06-28 A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password …
CVE-2026-13482 2026-06-28 A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results …
CVE-2026-47775 2026-06-26 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt()/decrypt() functions use AES-256-…
CVE-2026-9221 2026-06-25 The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the back…
CVE-2026-6330 2026-06-25 The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constan…
CVE-2026-6412 2026-06-25 Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing.
CVE-2026-50268 2026-06-17 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0, configuring `encr…
CVE-2026-40641 2026-06-17 Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially expl…
CVE-2026-9261 2026-06-15 Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier
CVE-2026-50086 2026-06-12 The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authenticatio…
CVE-2026-40996 2026-06-11 Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RS…
CVE-2025-10237 2026-06-10 During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or wr…
CVE-2026-11481 2026-06-07 A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embe…

曾用名

  • Using a Broken or Risky Cryptographic Algorithm (2008-04-11)

內容提交

名稱
CLASP
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-08-15 1.0 Suggested OWASP Top Ten 2004 mapping
2008-09-08 CWE Content Team 1.0 updated Background_Details, Common_Consequences, Description, Relationships, Taxonomy_Mappings
2009-01-12 CWE Content Team 1.2 updated Demonstrative_Examples, Description, Observed_Examples, Potential_Mitigations, References, Relationships
2009-03-10 CWE Content Team 1.3 updated Potential_Mitigations
2009-07-27 CWE Content Team 1.5 updated Maintenance_Notes, Relationships
2009-10-29 CWE Content Team 1.6 updated Relationships
2009-12-28 CWE Content Team 1.7 updated References
2010-02-16 CWE Content Team 1.8 updated Detection_Factors, References, Relationships
2010-04-05 CWE Content Team 1.8.1 updated Applicable_Platforms, Potential_Mitigations, Related_Attack_Patterns
2010-06-21 CWE Content Team 1.9 updated Common_Consequences, Detection_Factors, Potential_Mitigations, References, Relationships
2010-09-27 CWE Content Team 1.10 updated Potential_Mitigations, Relationships
2011-03-29 CWE Content Team 1.12 updated Demonstrative_Examples, Description
2011-06-01 CWE Content Team 1.13 updated Relationships, Taxonomy_Mappings
2011-06-27 CWE Content Team 2.0 updated Relationships
2011-09-13 CWE Content Team 2.1 updated Potential_Mitigations, Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2013-02-21 CWE Content Team 2.4 updated Relationships
2014-02-18 CWE Content Team 2.6 updated Related_Attack_Patterns
2014-06-23 CWE Content Team 2.7 updated Relationships
2014-07-30 CWE Content Team 2.8 updated Demonstrative_Examples, Detection_Factors, Relationships
2015-12-07 CWE Content Team 2.9 updated Relationships
2017-01-19 CWE Content Team 2.10 updated Related_Attack_Patterns
2017-11-08 CWE Content Team 3.0 updated Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings
2018-03-27 CWE Content Team 3.1 updated References, Relationships
2019-01-03 CWE Content Team 3.2 updated References, Relationships, Taxonomy_Mappings
2019-06-20 CWE Content Team 3.3 updated Related_Attack_Patterns, Relationships, Type
2020-02-24 CWE Content Team 4.0 updated Applicable_Platforms, Detection_Factors, Maintenance_Notes, Relationships
2021-03-15 CWE Content Team 4.4 updated References
2021-10-28 CWE Content Team 4.6 updated Maintenance_Notes, Potential_Mitigations, Relationships
2022-04-28 CWE Content Team 4.7 updated Relationships
2022-10-13 CWE Content Team 4.9 updated Demonstrative_Examples, Observed_Examples, References
2023-01-31 CWE Content Team 4.10 updated Applicable_Platforms, Background_Details, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Observed_Examples, Potential_Mitigations, References, Taxonomy_Mappings, Time_of_Introduction
2023-04-27 CWE Content Team 4.11 updated References, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes, Relationships
2025-09-09 CWE Content Team 4.18 updated Detection_Factors, Potential_Mitigations, References
2025-12-11 CWE Content Team 4.19 updated Maintenance_Notes, Relationships, Weakness_Ordinalities

貢獻

類型 名稱 日期 評論
Content Parbati K. Manna 2019-12-10 Provide a hardware-specific submission whose contents were integrated into this entry, affecting extended description, applicable platforms, demonstrative examples, and mitigations
cvelogic Threat Intelligence