CWE-1104

Use of Unmaintained Third Party Components

Base

What it is

The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.

Impact

Other

Reduce Maintainability, Varies by Context

Real-world CVE examples

CVE-2025-40906 — Perl module for BSON serialization includes a component that reached end-of-life approximately five years previously, but has multiple vulnerabilities.
CVE-2024-35252 — Closed-source cloud storage product includes an unmaintained third-party component that allows denial of service

Related weaknesses

CWE-1357 (childof)

Test & detect

Browse all common weaknesses, check related exploited CVEs, or map to ATT&CK techniques.

Source: MITRE CWE. View on cwe.mitre.org →