CWE-391: Unchecked Error Condition
[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.
Last updated
Overview
CWE-391 (Unchecked Error Condition) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
24 recorded CVEs are caused by CWE-391 (Unchecked Error Condition). The highest-severity and most recent are shown first. 1 new CWE-391 CVE has been recorded so far in 2026.
- CVE-2024-52316
Apache Tomcat: Authentication bypass when using Jakarta Authentication API
Critical · CVSS 9.8 · EPSS 93th2024-11-18 - CVE-2017-12182Critical · CVSS 9.8 · EPSS 90th2018-01-24
- CVE-2017-12180Critical · CVSS 9.8 · EPSS 90th2018-01-24
- CVE-2017-12181Critical · CVSS 9.8 · EPSS 90th2018-01-24
- CVE-2017-12185Critical · CVSS 9.8 · EPSS 90th2018-01-24
- CVE-2017-12178Critical · CVSS 9.8 · EPSS 90th2018-01-24
- CVE-2017-12183Critical · CVSS 9.8 · EPSS 90th2018-01-24
- CVE-2017-12184Critical · CVSS 9.8 · EPSS 90th2018-01-24
- CVE-2017-12186Critical · CVSS 9.8 · EPSS 90th2018-01-24
- CVE-2017-12187Critical · CVSS 9.8 · EPSS 87th2018-01-24
- CVE-2017-12176Critical · CVSS 9.8 · EPSS 90th2018-01-24
- CVE-2017-12177Critical · CVSS 9.8 · EPSS 90th2018-01-24
Showing 12 of 24 recorded CWE-391 CVEs. Track new ones as they are published and get AI-written analysis and fixes.
Monitor CWE-391 vulnerabilitiesCommon consequences
What can happen when CWE-391 is exploited.
Varies by Context, Unexpected State, Alter Execution Logic
Affects: Integrity, Other
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
How to prevent it
Practical mitigations for CWE-391, grouped by where in the lifecycle they apply.
The choice between a language which has named or unnamed exceptions needs to be done. While unnamed exceptions exacerbate the chance of not properly dealing with an exception, named exceptions suffer from the up call version of the weak base class problem.
A language can be used which requires, at compile time, to catch all serious exceptions. However, one must make sure to use the most current version of the API as new exceptions could be added.
Catch all relevant exceptions. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment.
How to detect it
Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Effectiveness: High
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
The following code excerpt ignores a rarely-thrown exception from doExchange().
Vulnerable example
try {If a RareException were to ever be thrown, the program would continue to execute as though nothing unusual had occurred. The program records no evidence indicating the special situation, potentially frustrating any later attempt to explain the program's behavior.
Terminology & mappings
Mapped taxonomies
- PLOVER: Unchecked Return Value
- 7 Pernicious Kingdoms: Empty Catch Block
- CLASP: Uncaught exception
- OWASP Top Ten 2004: Improper Error Handling (A7) — CWE More Specific fit
- CERT C Secure Coding: Adopt and implement a consistent and comprehensive error-handling policy (ERR00-C)
- CERT C Secure Coding: Detect and handle standard library errors (ERR33-C) — CWE More Abstract fit
- CERT C Secure Coding: Detect errors when converting a string to a number (ERR34-C) — CWE More Abstract fit
- CERT C Secure Coding: Prevent or detect domain and range errors in math functions (FLP32-C) — Imprecise fit
- CERT C Secure Coding: Detect and handle POSIX library errors (POS54-C) — CWE More Abstract fit
- SEI CERT Perl Coding Standard: Do not suppress or ignore exceptions (EXP31-PL) — Imprecise fit
- Software Fault Patterns: Unchecked Status Condition (SFP4)
Frequently asked questions
Common questions about CWE-391.
- What is CWE-391?
- [PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.
- What CVEs are caused by CWE-391?
- 24 recorded CVEs are attributed to CWE-391, including CVE-2024-52316, CVE-2017-12182, CVE-2017-12180.
- Is CWE-391 part of the OWASP Top 10?
- CWE-391 maps to OWASP Top Ten 2004: Improper Error Handling (A7) in the OWASP security taxonomy.
- How do you prevent CWE-391?
- The choice between a language which has named or unnamed exceptions needs to be done. While unnamed exceptions exacerbate the chance of not properly dealing with an exception, named exceptions suffer from the up call version of the weak base class problem.
- How is CWE-391 detected?
- Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
- What are the consequences of CWE-391?
- Exploiting CWE-391 can lead to: Varies by Context, Unexpected State, Alter Execution Logic.
- Is CWE-391 actively exploited?
- 24 recorded CVEs are caused by CWE-391; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-391) (opens in a new tab)
- CWE-391 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-391
Get alerted the moment a new CWE-391 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.