Compound weakness
Chain
Draft
CWE-690: Unchecked Return Value to NULL Pointer Dereference
The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
Last updated
26
Recorded CVEs
With this primary weakness
0
KEVs
In the CISA KEV catalog
Not rated
Likelihood of exploit
Per MITRE
Compound
Abstraction
MITRE classification
Overview
While unchecked return value weaknesses are not limited to returns of NULL pointers (see the examples in CWE-252), functions often return NULL to indicate an error status. When this error condition is not checked, a NULL pointer dereference can occur.
Real-world CVEs
26 recorded CVEs are caused by CWE-690 (Unchecked Return Value to NULL Pointer Dereference). The highest-severity and most recent are shown first. 5 new CWE-690 CVEs have been recorded so far in 2026 (1 in 2025).