2024 CWE Top 25 Most Dangerous Software Weaknesses: Exposure of Sensitive Information to an Unauthorised Actor (CWE-200)
CWE-200 refers to a software flaw where sensitive information—such as personal data, proprietary business details, or system configurations—is unintentionally exposed to individuals or entities without proper authorisation. This weakness typically results from poor implementation of access controls, inadequate data masking, or flawed logic in data-handling processes.
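The three causes named above (missing access control, missing masking, and data-handling logic that returns more than it should) can be seen side by side in the following added example, which is not code from the original page. The record, the role table and the function names are constructed for illustration.

```python
# Added example: constructed record and hypothetical function names.
RECORD = {  # constructed sample data
    "id": 7,
    "owner": "alice",
    "display_name": "Alice A.",
    "email": "alice@example.com",
    "card_number": "4111111111111111",
    "password_hash": "<placeholder-hash>",
    "internal_notes": "db=orders-primary; flagged by fraud team",
}

# Fields each role may see; anything not listed is never serialised.
VISIBLE = {
    "owner": ("id", "display_name", "email", "card_number"),
    "other": ("id", "display_name"),
}


def profile_exposed(record, requester):
    """Weak form: ignores who is asking and returns the whole stored row."""
    return dict(record)


def mask(field, value):
    """Mask values that even the owner should not see in full."""
    if field == "card_number":
        return "*" * (len(value) - 4) + value[-4:]
    return value


def profile_hardened(record, requester):
    """Hardened form: authorisation decides the view, an allow-list decides
    the fields, and masking is applied before data leaves the function."""
    if requester is None:
        raise PermissionError("authentication required")
    role = "owner" if requester == record["owner"] else "other"
    return {f: mask(f, record[f]) for f in VISIBLE[role]}
```

Because the hardened form builds its output from an allow-list, a column added to the stored record later stays hidden until someone deliberately lists it.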