Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
CWE-391 Base Incomplete
Unchecked Error Condition
This vulnerability occurs when a program fails to properly check or handle error conditions, such as exceptions or return codes. By ignoring these failures, the software can enter an unexpected…
Definition
What is CWE-391?
This vulnerability occurs when a program fails to properly check or handle error conditions, such as exceptions or return codes. By ignoring these failures, the software can enter an unexpected state that attackers might exploit, often without any logging or user notification.
When your code doesn't check for errors—like a failed file operation, a null pointer, or a network timeout—it continues executing as if nothing went wrong. This creates a gap between what the program assumes is true (e.g., 'the data was loaded') and reality (e.g., 'the variable is empty'), leading to crashes, data corruption, or security bypasses. Attackers can deliberately trigger these ignored errors to destabilize your application or reveal sensitive information.
To prevent this, always implement robust error handling. Check return values from functions, use try-catch blocks for exceptions, and validate system call outcomes. Log all caught errors with sufficient context for debugging, and decide on safe failure modes—like rolling back transactions or terminating the session—instead of silently proceeding. This defensive practice closes a common attack vector and makes your software more resilient and observable in production.
Real-world impact
Real-world CVEs caused by CWE-391
No public CVE references are linked to this CWE in MITRE's catalog yet.
How attackers exploit it
Step-by-step attacker path
- 1
Identify a code path that handles untrusted input without validation.
- 2
Craft a payload that exercises the unsafe behavior — injection, traversal, overflow, or logic abuse.
- 3
Deliver the payload through a normal request and observe the application's reaction.
- 4
Iterate until the response leaks data, executes attacker code, or escalates privileges.
Vulnerable code example
Vulnerable Java
The following code excerpt ignores a rarely-thrown exception from doExchange().
try {
doExchange();
}
catch (RareException e) {
```
// this can never happen*
} Secure code example
Secure pseudo
// Validate, sanitize, or use a safe API before reaching the sink.
function handleRequest(input) {
const safe = validateAndEscape(input);
return executeWithGuards(safe);
} What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Prevention checklist
How to prevent CWE-391
- Requirements The choice between a language which has named or unnamed exceptions needs to be done. While unnamed exceptions exacerbate the chance of not properly dealing with an exception, named exceptions suffer from the up call version of the weak base class problem.
- Requirements A language can be used which requires, at compile time, to catch all serious exceptions. However, one must make sure to use the most current version of the API as new exceptions could be added.
- Implementation Catch all relevant exceptions. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment.
Detection signals
How to detect CWE-391
Plexicus auto-detects CWE-391 and opens a fix PR in under 60 seconds.
Codex Remedium scans every commit, identifies this exact weakness, and ships a reviewer-ready pull request with the patch. No tickets. No hand-offs.
Frequently asked questions What is CWE-391?
How serious is CWE-391?
What languages or platforms are affected by CWE-391?
How can I prevent CWE-391?
How does Plexicus detect and fix CWE-391?
Where can I learn more about CWE-391?
Frequently asked questions
What is CWE-391?
This vulnerability occurs when a program fails to properly check or handle error conditions, such as exceptions or return codes. By ignoring these failures, the software can enter an unexpected state that attackers might exploit, often without any logging or user notification.
How serious is CWE-391?
MITRE rates the likelihood of exploit as Medium — exploitation is realistic but typically requires specific conditions.
What languages or platforms are affected by CWE-391?
MITRE has not specified affected platforms for this CWE — it can apply across most application stacks.
How can I prevent CWE-391?
The choice between a language which has named or unnamed exceptions needs to be done. While unnamed exceptions exacerbate the chance of not properly dealing with an exception, named exceptions suffer from the up call version of the weak base class problem. A language can be used which requires, at compile time, to catch all serious exceptions. However, one must make sure to use the most current version of the API as new exceptions could be added.
How does Plexicus detect and fix CWE-391?
Plexicus's SAST engine matches the data-flow signature for CWE-391 on every commit. When a match is found, our Codex Remedium agent opens a fix PR with the corrected code, tests, and a one-line summary for the reviewer.
Where can I learn more about CWE-391?
MITRE publishes the canonical definition at https://cwe.mitre.org/data/definitions/391.html. You can also reference OWASP and NIST documentation for adjacent guidance.
Related weaknesses
Weaknesses related to CWE-391
CWE-754 Parent
Improper Check for Unusual or Exceptional Conditions
This weakness occurs when software fails to properly anticipate and handle rare or unexpected runtime situations that fall outside normal…
CWE-252 Sibling
Unchecked Return Value
This vulnerability occurs when a program fails to verify the result of a function or method call, allowing it to continue execution…
CWE-253 Sibling
Incorrect Check of Function Return Value
This vulnerability occurs when a program misinterprets or improperly validates the return value from a function, causing it to miss…
CWE-273 Sibling
Improper Check for Dropped Privileges
This vulnerability occurs when an application tries to lower its system privileges but fails to verify that the operation was successful.
CWE-354 Sibling
Improper Validation of Integrity Check Value
This vulnerability occurs when software fails to properly check the integrity of data by validating its checksum or hash value. Without…
CWE-394 Sibling
Unexpected Status Code or Return Value
This vulnerability occurs when software fails to properly validate the full range of possible return values from a function or system…
CWE-476 Sibling
NULL Pointer Dereference
This vulnerability occurs when a program attempts to access or manipulate memory using a pointer that is set to NULL, causing a crash or…
Ready when you are
Don't Let Security
Weigh You Down.
Stop choosing between AI velocity and security debt. Plexicus is the only platform that runs Vibe Coding Security and ASPM in parallel — one workflow, every codebase.