Cyber Resilience

CWE · MITRE source

CWE-390Detection of Error Condition Without Action

Abstraction: Base · CVEs in our corpus: 18

The product detects a specific error, but takes no actions to handle the error.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: full · 1 mapping(s) from 1 framework(s): OWASP-Web 1 (full)

See the full cumulative-coverage rollup →

OWASP Top 10 for Web (2025)

This weakness contributes to A10:2025 Mishandling of Exceptional Conditions.

NIST 800-53 r5 controls that address this weakness (10)AI

Showing the 9 most specific. Generic controls that address many weakness types are collapsed below.

Control Title Family Why it addresses this CWE
IR-1Policy and ProceduresIRProcedures require detection of error/incident conditions followed by defined response actions.
IR-3Incident Response TestingIRIR testing verifies that detected error conditions trigger appropriate response actions rather than being ignored.
IR-4Incident HandlingIRThe containment, eradication, and recovery steps ensure detected incidents trigger concrete actions rather than no response.
PM-31Continuous Monitoring StrategyPMRequires response actions to analysis of monitoring data, directly preventing detection of error conditions without follow-up action.
PM-6Measures of PerformancePMReporting on security performance measures requires confirming that detected error conditions trigger appropriate actions rather than being ignored.
AU-5Response to Audit Logging Process FailuresAURequires explicit action (alert plus additional responses) on audit logging failures rather than detecting the error condition without acting.
CA-7Continuous MonitoringCAThe control mandates response actions to address results from monitoring and assessments, preventing detection of error conditions without subsequent corrective action.
SC-24Fail in Known StateSCEnsures that detected error conditions trigger an explicit action to reach the known failure state.
SI-17Fail-safe ProceduresSIEnsures that detected error conditions trigger the specified safe procedures instead of being observed without corrective action.
Show 1 more broadly-applicable controls
IR-7Incident Response AssistanceIRProvides assistance for handling incidents, ensuring detected error conditions lead to appropriate user actions rather than inaction.

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2024-27919 UPD8.07.50.86752024-04-04
CVE-2024-30255 UPD8.05.30.87812024-04-04
CVE-2021-403917.09.80.02922021-11-19
CVE-2026-529897.09.80.00342026-06-24
CVE-2026-534347.09.10.00372026-06-29
CVE-2019-50515.58.80.04042019-07-03
CVE-2024-49841 UPD5.57.80.00092025-05-06
CVE-2025-463675.57.80.00122025-11-13
CVE-2017-74853.55.90.02042017-05-12
CVE-2024-20316 UPD3.55.80.00452024-03-27
CVE-2024-119423.55.90.00372024-12-05
CVE-2024-12086 UPD3.56.10.01762025-01-14
CVE-2025-252043.56.30.00372025-02-14
CVE-2025-264653.56.80.07002025-02-18
CVE-2025-270393.56.60.00072025-10-09
CVE-2026-44310 UPD3.55.40.00112026-05-15
CVE-2026-48792 UPD3.54.40.00132026-05-27