Base weakness

Draft

CWE-414: Missing Lock Check

A product does not check to see if a lock is present before performing sensitive operations on a resource.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

CWE-414 (Missing Lock Check) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

Real-world CVEs

2 recorded CVEs are caused by CWE-414 (Missing Lock Check). The highest-severity and most recent are shown first. 1 new CWE-414 CVE has been recorded so far in 2026 (1 in 2025).

CWE-414: Missing Lock Check

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-414?

What CVEs are caused by CWE-414?

How do you prevent CWE-414?

How is CWE-414 detected?

What are the consequences of CWE-414?

Is CWE-414 actively exploited?

References

Stay ahead of CWE-414

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis

Illustrative examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-414?

What CVEs are caused by CWE-414?

How do you prevent CWE-414?

How is CWE-414 detected?

What are the consequences of CWE-414?

Is CWE-414 actively exploited?

References

Stay ahead of CWE-414