CWE · MITRE source
CWE-391Unchecked Error Condition
[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (5)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
IR-1 | Policy and Procedures | IR | Policy enforces checking and handling of error conditions as part of incident response processes. |
IR-3 | Incident Response Testing | IR | Testing IR effectiveness identifies and drives fixes for unchecked error conditions that fail to initiate incident handling. |
IR-4 | Incident Handling | IR | Formal incident handling procedures enforce checking and acting on error conditions that could indicate security incidents. |
AU-5 | Response to Audit Logging Process Failures | AU | Ensures audit logging process failures are checked and trigger defined responses instead of remaining unchecked. |
PM-31 | Continuous Monitoring Strategy | PM | Mandates ongoing correlation, analysis, and response to monitoring results, reducing unchecked error conditions from control assessments. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2024-52316 | 2.1 | 9.8 | 0.0267 | 2024-11-18 |
CVE-2017-12176 | 2.0 | 9.8 | 0.0095 | 2018-01-24 |
CVE-2017-12177 | 2.0 | 9.8 | 0.0095 | 2018-01-24 |
CVE-2017-12178 | 2.0 | 9.8 | 0.0087 | 2018-01-24 |
CVE-2017-12179 | 2.0 | 9.8 | 0.0084 | 2018-01-24 |
CVE-2017-12180 | 2.0 | 9.8 | 0.0087 | 2018-01-24 |
CVE-2017-12181 | 2.0 | 9.8 | 0.0084 | 2018-01-24 |
CVE-2017-12182 | 2.0 | 9.8 | 0.0095 | 2018-01-24 |
CVE-2017-12183 | 2.0 | 9.8 | 0.0087 | 2018-01-24 |
CVE-2017-12184 | 2.0 | 9.8 | 0.0084 | 2018-01-24 |
CVE-2017-12185 | 2.0 | 9.8 | 0.0084 | 2018-01-24 |
CVE-2017-12186 | 2.0 | 9.8 | 0.0075 | 2018-01-24 |
CVE-2017-12187 | 2.0 | 9.8 | 0.0077 | 2018-01-24 |
CVE-2016-10526 | 1.7 | 8.6 | 0.0030 | 2018-05-31 |
CVE-2019-14853 | 1.5 | 7.5 | 0.0007 | 2019-11-26 |
CVE-2017-7496 | 1.4 | 7.0 | 0.0005 | 2017-06-26 |
CVE-2020-14383 | 1.3 | 6.5 | 0.0046 | 2020-12-02 |
CVE-2022-22160 | 1.3 | 6.5 | 0.0008 | 2022-01-19 |
CVE-2024-23326 | 1.2 | 5.9 | 0.0008 | 2024-06-04 |
CVE-2022-20849 | 1.2 | 6.1 | 0.0005 | 2024-11-15 |
CVE-2018-1091 | 1.1 | 5.5 | 0.0008 | 2018-03-27 |
CVE-2023-0572 | 1.1 | 5.3 | 0.0024 | 2023-01-29 |
CVE-2023-32871 | 1.1 | 5.3 | 0.0000 | 2024-05-06 |