---
type: "term"
title: "CWE (Common Weakness Enumeration)"
description: "A community developed list of common software and hardware weakness types maintained by MITRE."
resource: "tlctc:term:cwe-common-weakness-enumeration"
tags:
  - "glossary"
---
# CWE (Common Weakness Enumeration)

A community-developed list of common software and hardware weakness types maintained by MITRE. CWE categorizes the underlying flaws, bugs, or errors (weaknesses) that enable vulnerabilities to exist — e.g., CWE-89 for SQL Injection weakness, CWE-119 for buffer overflow weakness. In the TLCTC conceptual hierarchy: **Weakness (CWE) → Specific Vulnerability (CVE) → Generic Vulnerability (TLCTC) → Threat Cluster (#1–#10)**. CWE provides granular weakness taxonomy at the code level for developers; TLCTC operates at the strategic level by grouping all resulting vulnerabilities into 10 generic vulnerability categories.




**Related reading:** [CVE-2026-21510: Windows Shell SmartScreen bypass](https://www.tlctc.net/cve-2026-21510.html), [CVE-2020-17103 — patch closed an effect, not a cluster](https://www.tlctc.net/cve-2020-17103.html), [TLCTC × CWE — interactive explorer](https://www.tlctc.net/tlctc-mitre-cwe.html), [TLCTC × CWE — context is king](https://www.tlctc.net/tlctc-mitre-cwe-mapping.html), [TLCTC × CWE — advanced explorer](https://www.tlctc.net/tlctc-cwe-mapping.html), [MITRE CWE needs a taxonomic reboot](https://www.tlctc.net/tlctc-cwe-reboot.html), [CWE-514 (covert channel) → TLCTC #8](https://www.tlctc.net/blog-cwe-514-covert-channel-mapping.html), [SonarQube × TLCTC — secure dev integration (pt 3)](https://www.tlctc.net/tlctc-sonar-cwe.html), [Taming SonarQube with TLCTC (Secure-Dev pt 2)](https://www.tlctc.net/tlctc-sdlc-dev-blog.html), [SSDLC for developers — the "S" problem](https://www.tlctc.net/tlctc-ssdlc.html), [Adding the Developer's View to TLCTC](https://www.tlctc.net/tlctc-definitions-sdlc-prog-coder.html), [TLCTC v2.1 monster prompt — DevSecOps](https://www.tlctc.net/tlctc-prompt-devsecops.html)

See also: Vulnerability, Weakness, CVE, Generic Vulnerability