Home/CWE/Improper Initialization
Weakness

Improper Initialization

CWE-665 · Class · Draft

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

Extended description

This can have security implications when the associated resource is expected to have certain properties or values, such as a variable that determines whether a user has been authenticated or not.

Weakness Relationships

Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOfCWE-664 · Improper Control of a Resource Through its Lifetime
Children (more specific)
ParentOfCWE-1188 · Initialization of a Resource with an Insecure Default
ParentOfCWE-1279 · Cryptographic Operations are run Before Supporting Units are Ready
ParentOfCWE-1419 · Incorrect Initialization of Resource
ParentOfCWE-1434 · Insecure Setting of Generative AI/ML Model Inference Parameters
ParentOfCWE-455 · Non-exit on Failed Initialization
ParentOfCWE-456 · Missing Initialization of a Variable
ParentOfCWE-457 · Use of Uninitialized Variable
ParentOfCWE-770 · Allocation of Resources Without Limits or Throttling
ParentOfCWE-908 · Use of Uninitialized Resource
ParentOfCWE-909 · Missing Initialization of Resource

Attack Patterns (CAPEC)

2
How adversaries exploit this weakness, per MITRE CAPEC.
CAPEC-26Leveraging Race Conditions
CAPEC-29Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

CVEs With This Weakness

417
A sample of the 417 CVEs tagged with this weakness.
CVECVE-2026-34553
CVECVE-2026-26958
CVECVE-2026-23553
CVECVE-2026-21913
CVECVE-2026-0940
CVECVE-2025-66363
CVECVE-2025-5745
CVECVE-2025-5702
CVECVE-2025-55118
CVECVE-2025-48509
CVECVE-2025-46553
CVECVE-2025-35991

Nuclei Scanner Templates

2
Open-source Nuclei templates that detect this weakness class - an actionable scan-for-it pivot. Licensed under the ProjectDiscovery / Nuclei terms.
criticalBitrix Component - Cross-Site Scripting
lowHuawei Firewall - Local File Inclusion
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin