CWE · MITRE source
CWE-390Detection of Error Condition Without Action
The product detects a specific error, but takes no actions to handle the error.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: full · 1 mapping(s) from 1 framework(s): OWASP-Web 1 (full)
OWASP Top 10 for Web (2025)
This weakness contributes to A10:2025 Mishandling of Exceptional Conditions.
NIST 800-53 r5 controls that address this weakness (10)AI
Showing the 9 most specific. Generic controls that address many weakness types are collapsed below.
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
IR-1 | Policy and Procedures | IR | Procedures require detection of error/incident conditions followed by defined response actions. |
IR-3 | Incident Response Testing | IR | IR testing verifies that detected error conditions trigger appropriate response actions rather than being ignored. |
IR-4 | Incident Handling | IR | The containment, eradication, and recovery steps ensure detected incidents trigger concrete actions rather than no response. |
PM-31 | Continuous Monitoring Strategy | PM | Requires response actions to analysis of monitoring data, directly preventing detection of error conditions without follow-up action. |
PM-6 | Measures of Performance | PM | Reporting on security performance measures requires confirming that detected error conditions trigger appropriate actions rather than being ignored. |
AU-5 | Response to Audit Logging Process Failures | AU | Requires explicit action (alert plus additional responses) on audit logging failures rather than detecting the error condition without acting. |
CA-7 | Continuous Monitoring | CA | The control mandates response actions to address results from monitoring and assessments, preventing detection of error conditions without subsequent corrective action. |
SC-24 | Fail in Known State | SC | Ensures that detected error conditions trigger an explicit action to reach the known failure state. |
SI-17 | Fail-safe Procedures | SI | Ensures that detected error conditions trigger the specified safe procedures instead of being observed without corrective action. |
Show 1 more broadly-applicable controls
IR-7 | Incident Response Assistance | IR | Provides assistance for handling incidents, ensuring detected error conditions lead to appropriate user actions rather than inaction. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2024-27919 UPD | 8.0 | 7.5 | 0.8675 | 2024-04-04 |
CVE-2024-30255 UPD | 8.0 | 5.3 | 0.8781 | 2024-04-04 |
CVE-2021-40391 | 7.0 | 9.8 | 0.0292 | 2021-11-19 |
CVE-2026-52989 | 7.0 | 9.8 | 0.0034 | 2026-06-24 |
CVE-2026-53434 | 7.0 | 9.1 | 0.0037 | 2026-06-29 |
CVE-2019-5051 | 5.5 | 8.8 | 0.0404 | 2019-07-03 |
CVE-2024-49841 UPD | 5.5 | 7.8 | 0.0009 | 2025-05-06 |
CVE-2025-46367 | 5.5 | 7.8 | 0.0012 | 2025-11-13 |
CVE-2017-7485 | 3.5 | 5.9 | 0.0204 | 2017-05-12 |
CVE-2024-20316 UPD | 3.5 | 5.8 | 0.0045 | 2024-03-27 |
CVE-2024-11942 | 3.5 | 5.9 | 0.0037 | 2024-12-05 |
CVE-2024-12086 UPD | 3.5 | 6.1 | 0.0176 | 2025-01-14 |
CVE-2025-25204 | 3.5 | 6.3 | 0.0037 | 2025-02-14 |
CVE-2025-26465 | 3.5 | 6.8 | 0.0700 | 2025-02-18 |
CVE-2025-27039 | 3.5 | 6.6 | 0.0007 | 2025-10-09 |
CVE-2026-44310 UPD | 3.5 | 5.4 | 0.0011 | 2026-05-15 |
CVE-2026-48792 UPD | 3.5 | 4.4 | 0.0013 | 2026-05-27 |