Home/CWE/Use of Uninitialized Resource
Weakness

Use of Uninitialized Resource

CWE-908 · Base · Incomplete

The product uses or accesses a resource that has not been initialized.

Extended description

When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.

Weakness Relationships

Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOfCWE-665 · Improper Initialization
Children (more specific)
ParentOfCWE-457 · Use of Uninitialized Variable

CVEs With This Weakness

839
A sample of the 839 CVEs tagged with this weakness.
CVECVE-2026-7141
CVECVE-2026-6749
CVECVE-2026-4716
CVECVE-2026-4716
CVECVE-2026-4715
CVECVE-2026-4715
CVECVE-2026-45736
CVECVE-2026-43349
CVECVE-2026-43291
CVECVE-2026-43288
CVECVE-2026-43221
CVECVE-2026-43160

Nuclei Scanner Templates

2
Open-source Nuclei templates that detect this weakness class - an actionable scan-for-it pivot. Licensed under the ProjectDiscovery / Nuclei terms.
highMongoDB Server - Information Disclosure (MongoBleed)
mediumSecurepoint UTM - Leaking Remote Memory Contents
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin