CWE-390: Detection of Error Condition Without Action
The product detects a specific error, but takes no actions to handle the error.
Last updated
Overview
CWE-390 (Detection of Error Condition Without Action) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
17 recorded CVEs are caused by CWE-390 (Detection of Error Condition Without Action). The highest-severity and most recent are shown first. 4 new CWE-390 CVEs have been recorded so far in 2026 (6 in 2025).
- CVE-2026-52989
nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers
Critical · CVSS 9.8 · EPSS 27th2026-06-24 - CVE-2021-40391Critical · CVSS 9.8 · EPSS 85th2021-11-19
- CVE-2026-53434
Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector
Critical · CVSS 9.1 · EPSS 29th2026-06-29