CWE: Common Weakness Enumeration in Cybersecurity

Vulnerability Management

ByJulian Calvo, Ed.D., MBA, M.S.April 2026

CWE stands for Common Weakness Enumeration. Common Weakness Enumeration is a community-developed catalog of software and hardware weakness types. Each CWE entry describes a category of vulnerability (e.g., CWE-79 for XSS, CWE-89 for SQLi) with examples, mitigations, and detection methods.

How CWE Is Used in Cybersecurity

Security engineers reference CWE identifiers when classifying vulnerability findings and writing remediation guidance. SAST tools map their findings to CWE entries so developers understand the underlying weakness type. GRC analysts use CWE data in risk assessments to identify which weakness categories affect their organization most frequently.

Read the full glossary entry: Common Weakness Enumeration in Cybersecurity

Cybersecurity Roles That Work with CWE

Security EngineerView career guide →GRC AnalystView career guide →Penetration TesterView career guide →

Related Cybersecurity Acronyms

CVE CVSS NVD SAST SQLi

Frequently Asked Questions

What does CWE stand for?

CWE stands for Common Weakness Enumeration. Common Weakness Enumeration is a community-developed catalog of software and hardware weakness types. Each CWE entry describes a category of vulnerability (e.g., CWE-79 for XSS, CWE-89 for SQLi) with examples, mitigations, and detection methods.

What is CWE used for in cybersecurity?

Sources

MITRE CWE

Definitions are original explanations written for career development purposes. For authoritative technical definitions, refer to NIST, ISO, or the relevant standards body.

Last verified: April 2026Report an inaccuracy

Get cybersecurity career insights delivered weekly

Join cybersecurity professionals receiving weekly intelligence on threats, job market trends, salary data, and career growth strategies.

Get Cybersecurity Career Intelligence

Weekly insights on threats, job trends, and career growth.

Unsubscribe anytime. More options