CWE-321
Hard-coded Cryptographic Key
MITRENo catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 6 of 6- CVE-2026-28742Critical· 9.818 h ago
Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or
- CVE-2026-50091Critical· 9.120 h ago
Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same liblumidevsdk.so) uses hard-coded cryptographic keys, which is an instance of "CWE-321: Use of Hard-coded Cryptographic Key" and has an estimate
- CVE-2025-30406Critical· 9.0KEVEXPLOITEPSS 85%21 h ago
Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability
- CVE-2026-46395—EPSS 0%4 d ago
HAXcms: Private Key Disclosure via Broken HMAC Implementation
npm - CVE-2026-11505Medium· 5.0EPSS 0%4 d ago
A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key .
- CVE-2026-50226Medium· 5.3EPSS 0%5 d ago
Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed clo
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.