A10:2025 Mishandling of Exceptional Conditions
New for 2025. Error and exception paths leak information, fail open, or land in inconsistent states. Includes fail-open authentication and logic-flaw error handling.
Member CWEs (24)
- CWE-209 Generation of Error Message Containing Sensitive Information
- CWE-215 Insertion of Sensitive Information Into Debugging Code
- CWE-234 Failure to Handle Missing Parameter
- CWE-235 Improper Handling of Extra Parameters
- CWE-248 Uncaught Exception
- CWE-252 Unchecked Return Value
- CWE-274 Improper Handling of Insufficient Privileges
- CWE-280 Improper Handling of Insufficient Permissions or Privileges
- CWE-369 Divide By Zero
- CWE-390 Detection of Error Condition Without Action
- CWE-391 Unchecked Error Condition
- CWE-394 Unexpected Status Code or Return Value
- CWE-396 Declaration of Catch for Generic Exception
- CWE-397 Declaration of Throws for Generic Exception
- CWE-460 Improper Cleanup on Thrown Exception
- CWE-476 NULL Pointer Dereference
- CWE-478 Missing Default Case in Multiple Condition Expression
- CWE-484 Omitted Break Statement in Switch
- CWE-550 Server-generated Error Message Containing Sensitive Information
- CWE-636 Not Failing Securely ('Failing Open')
- CWE-703 Improper Check or Handling of Exceptional Conditions
- CWE-754 Improper Check for Unusual or Exceptional Conditions
- CWE-755 Improper Handling of Exceptional Conditions
- CWE-756 Missing Custom Error Page
Mapped NIST 800-53 r5 controls (2)
This is our two-way, human-QA’d reading of how this category and each NIST 800-53 control relate. No external body publishes an OWASP→800-53 mapping, so this mapping is our own assessment.
Direction: ← other covers this; → this covers other (F/M/P = full / mostly / partial).
Tagged CVEs (showing 50 most recent of 8,228)
- CVE-2026-58369
- CVE-2026-57875
- CVE-2026-57873
- CVE-2026-57434
- CVE-2026-56338
- CVE-2026-56331
- CVE-2026-56017
- CVE-2026-55577
- CVE-2026-55568
- CVE-2026-55517
- CVE-2026-55204
- CVE-2026-54908
- CVE-2026-54762
- CVE-2026-54269
- CVE-2026-54262
- CVE-2026-54261
- CVE-2026-54259
- CVE-2026-53906
- CVE-2026-53852
- CVE-2026-53837
- CVE-2026-53463
- CVE-2026-53434
- CVE-2026-53220
- CVE-2026-53214
- CVE-2026-53204
- CVE-2026-52989
- CVE-2026-52951
- CVE-2026-50129
- CVE-2026-49979
- CVE-2026-49325
- CVE-2026-49318
- CVE-2026-49317
- CVE-2026-49316
- CVE-2026-49235
- CVE-2026-49232
- CVE-2026-48985
- CVE-2026-48961
- CVE-2026-48829
- CVE-2026-48792
- CVE-2026-48524
- CVE-2026-48139
- CVE-2026-48066
- CVE-2026-47775
- CVE-2026-47337
- CVE-2026-47335
- CVE-2026-47327
- CVE-2026-47316
- CVE-2026-47315
- CVE-2026-47308
- CVE-2026-47307
Data: OWASP Top 10:2025 (CC BY-SA 4.0) · CWE memberships from cwe-api.mitre.org (meta-category CWE-1445).