Cyber Posture

CWE-248: Uncaught Exception

Abstraction: Base · CVEs in our corpus: 189

An exception is thrown from a function, but it is not caught.

When an exception is not caught, it may cause the program to crash or expose sensitive information.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (2)

| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| SC-24 | Fail in Known State | SC | Prevents abrupt termination from uncaught exceptions by requiring a defined, preserved-state failure mode. |
| SI-17 | Fail-safe Procedures | SI | Requires pre-defined safe responses for uncaught exceptions so they do not result in undefined or insecure program termination. |

Top CVEs of this weakness type, ranked by Risk Priority

| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2013-10065 | 4.7 | 7.5 | 0.5306 | 2025-08-05 |
| CVE-2018-11466 | 2.1 | 9.8 | 0.0242 | 2018-12-12 |
| CVE-2024-20137 | 2.1 | 7.5 | 0.1007 | 2024-12-02 |
| CVE-2020-6019 | 1.9 | 7.5 | 0.0672 | 2020-11-13 |
| CVE-2024-42037 | 1.9 | 9.3 | 0.0007 | 2024-08-08 |
| CVE-2021-37714 | 1.8 | 7.5 | 0.0435 | 2021-08-18 |
| CVE-2022-20919 | 1.8 | 8.6 | 0.0090 | 2022-09-30 |
| CVE-2023-42444 | 1.8 | 8.6 | 0.0055 | 2023-09-19 |
| CVE-2023-42447 | 1.8 | 8.6 | 0.0052 | 2023-09-19 |
| CVE-2023-20086 | 1.8 | 8.6 | 0.0054 | 2023-11-01 |
| CVE-2024-43357 | 1.8 | 8.6 | 0.0063 | 2024-08-15 |
| CVE-2025-20637 | 1.8 | 7.5 | 0.0481 | 2025-02-03 |
| CVE-2025-67647 | 1.8 | 9.1 | 0.0002 | 2026-01-15 |
| CVE-2020-10292 | 1.7 | 8.2 | 0.0059 | 2020-11-06 |
| CVE-2023-23774 | 1.7 | 8.4 | 0.0003 | 2023-08-29 |
| CVE-2026-33191 | 1.7 | 8.6 | 0.0020 | 2026-03-20 |
| CVE-2018-11465 | 1.6 | 7.8 | 0.0006 | 2018-12-12 |
| CVE-2019-6575 | 1.6 | 7.5 | 0.0112 | 2019-04-17 |
| CVE-2020-15796 | 1.6 | 7.5 | 0.0117 | 2020-12-14 |
| CVE-2022-24822 | 1.6 | 7.5 | 0.0083 | 2022-04-06 |
| CVE-2023-39945 | 1.6 | 8.2 | 0.0011 | 2023-08-11 |
| CVE-2025-20171 | 1.6 | 7.7 | 0.0030 | 2025-02-05 |
| CVE-2025-20172 | 1.6 | 7.7 | 0.0030 | 2025-02-05 |
| CVE-2025-20173 | 1.6 | 7.7 | 0.0030 | 2025-02-05 |
| CVE-2025-20176 | 1.6 | 7.7 | 0.0030 | 2025-02-05 |