Home/CWE/Exposure of Backup File to an Unauthorized Control Sphere
Weakness

Exposure of Backup File to an Unauthorized Control Sphere

CWE-530 · Variant · Incomplete

A backup file is stored in a directory or archive that is made accessible to unauthorized actors.

Extended description

Often, older backup files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator.

Weakness Relationships

Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOfCWE-552 · Files or Directories Accessible to External Parties

CVEs With This Weakness

10
CVEs tagged with this weakness.
CVECVE-2026-2974
CVECVE-2025-3773
CVECVE-2024-3430
CVECVE-2024-3128
CVECVE-2024-3124
CVECVE-2024-2567
CVECVE-2024-2364
CVECVE-2024-12330
CVECVE-2023-5297
CVECVE-2020-36899
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin