Cyber Resilience

CWE · MITRE source

CWE-460Improper Cleanup on Thrown Exception

Abstraction: Base · CVEs in our corpus: 22

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.

Often, when functions or loops become complicated, some level of resource cleanup is needed throughout execution. Exceptions can disturb the flow of the code and prevent the necessary cleanup from happening.

Last updated: 04 July 2026 11:13 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: full · 1 mapping(s) from 1 framework(s): OWASP-Web 1 (full)

See the full cumulative-coverage rollup →

OWASP Top 10 for Web (2025)

This weakness contributes to A10:2025 Mishandling of Exceptional Conditions.

NIST 800-53 r5 controls that address this weakness (0)AI

Control Title Family Why it addresses this CWE
No NIST controls proposed yet.

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2022-221505.58.80.01802022-02-04
CVE-2022-47445.57.80.00462023-03-30
CVE-2023-463935.57.50.00452023-10-27
CVE-2026-405835.58.20.00382026-04-21
CVE-2017-151273.55.50.00382018-01-14
CVE-2016-95923.54.30.01312018-04-16
CVE-2017-96573.56.50.00792018-04-30
CVE-2019-148913.55.00.00692019-11-25
CVE-2020-143043.54.40.00362020-09-15
CVE-2021-347163.56.70.02392021-08-18
CVE-2022-37073.55.50.00222023-03-06
CVE-2024-03163.56.80.00322024-01-15
CVE-2024-20354 UPD3.54.70.00292024-03-27
CVE-2024-122893.55.90.00372024-12-12
CVE-2025-301573.56.50.00412025-03-21
CVE-2025-324393.56.50.00312025-04-15
CVE-2025-696523.56.20.00172026-03-06
CVE-2026-201183.56.80.00322026-03-11
CVE-2026-334813.55.30.00412026-03-26
CVE-2022-33011.52.40.00542022-09-26
CVE-2025-593991.53.10.00162025-09-15
CVE-2026-48524 UPD1.53.70.00222026-05-28