CWE · MITRE source
CWE-392Missing Report of Error Condition
The product encounters an error but does not provide a status code or return value to indicate that an error has occurred.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (6)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
IR-1 | Policy and Procedures | IR | Requires reporting and escalation of error conditions and incidents per documented procedures. |
IR-3 | Incident Response Testing | IR | IR testing would expose missing error reporting that prevents timely incident detection and response. |
IR-7 | Incident Response Assistance | IR | Offers direct support for reporting incidents, addressing the failure to report error conditions or security events. |
AU-5 | Response to Audit Logging Process Failures | AU | Mandates alerting on audit failures, directly providing the missing report of the error condition. |
CA-7 | Continuous Monitoring | CA | Reporting the security and privacy status to organizational officials ensures monitoring and assessment results are communicated rather than omitted. |
PM-31 | Continuous Monitoring Strategy | PM | Includes explicit reporting of security status and analysis results, addressing missing reports of error or monitoring conditions. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2023-42444 | 1.8 | 8.6 | 0.0055 | 2023-09-19 |
CVE-2023-42447 | 1.8 | 8.6 | 0.0052 | 2023-09-19 |
CVE-2025-32743 | 1.8 | 9.0 | 0.0045 | 2025-04-10 |
CVE-2024-39697 | 1.7 | 8.6 | 0.0015 | 2024-07-09 |
CVE-2017-2342 | 1.6 | 8.1 | 0.0011 | 2017-07-17 |
CVE-2025-23270 | 1.4 | 7.1 | 0.0003 | 2025-07-17 |
CVE-2024-12797 | 1.3 | 6.3 | 0.0072 | 2025-02-11 |
CVE-2026-20005 | 1.2 | 5.8 | 0.0003 | 2026-03-04 |
CVE-2025-26268 | 0.7 | 3.3 | 0.0024 | 2025-04-17 |
CVE-2025-59398 | 0.6 | 3.1 | 0.0002 | 2025-09-15 |
CVE-2023-48430 | 0.5 | 2.7 | 0.0010 | 2023-12-12 |