CWE-598
Use of HTTP Request With Sensitive Query String
Description
The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Read Application Data
Potential Mitigations
When sending sensitive information, only include it in the request body or request headers instead of the query string. This may require avoiding use of GET requests.
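One way to check that this mitigation has been applied, as an added example that is not part of the original entry: request targets, including their query strings, are written to web server access logs, so this Python code scans log lines for sensitive parameter names and reports each hit with its value redacted. The parameter-name list and the log lines are constructed assumptions; adapt both to your application.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed set of parameter names treated as sensitive (not from the CWE entry).
SENSITIVE = {"password", "passwd", "pwd", "token", "access_token",
             "api_key", "apikey", "secret", "session", "sessionid"}

# Request line as it appears in common/combined-format access logs.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def audit_line(line):
    """Return (method, path, sensitive_names, redacted_target), or None if clean."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # Match on the parameter name only; a search value such as q=token is not a hit.
    hits = sorted({k for k, _ in pairs if k.lower() in SENSITIVE})
    if not hits:
        return None
    redacted = urlencode(
        [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs])
    return m.group("method"), parts.path, hits, f"{parts.path}?{redacted}"

def audit(lines):
    """Audit many log lines and keep only the findings."""
    return [finding for finding in map(audit_line, lines) if finding]

# Constructed sample log lines (documentation IP range, made-up values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] '
    '"GET /login?user=alice&password=hunter2 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2025:10:00:05 +0000] "POST /login HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2025:10:00:09 +0000] '
    '"GET /api/feed?Access_Token=abc123&page=2 HTTP/1.1" 200 90',
    '192.0.2.13 - - [01/Jan/2025:10:00:12 +0000] '
    '"GET /search?q=token HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for method, path, names, target in audit(SAMPLE_LOG):
        print(f"{method} {path}: sensitive parameter(s) {names} -> {target}")
```

The POST line with credentials in the body produces no finding, which is the state the mitigation aims for on every endpoint.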
CVE-2025-1738: Security camera includes a password in its query string.
CVE-2025-31954: ML/NLP-based automation product calls a GET method with sensitive information in the query string.
CVE-2024-31842: Web-based communication product includes an access token in the query string of a GET request.
CVE-2022-23546: A discussion platform leaks private information in GET requests.
Applicable Platforms