VYPR

CWE-396

Declaration of Catch for Generic Exception

BaseDraft

Description

Catching overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.

Multiple catch blocks can get ugly and repetitive, but "condensing" catch blocks by catching a high-level class like Exception can obscure exceptions that deserve special treatment or that should not be caught at this point in the program. Catching an overly broad exception essentially defeats the purpose of a language's typed exceptions, and can become particularly dangerous if the program grows and begins to throw new types of exceptions. The new exception types will not receive any attention.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (2)

  • CVE-2026-40149HigApr 9, 2026
    risk 0.44cvss 7.9epss 0.00

    PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no auth_token is configured (the default). By adding dangerous tool names (e.g., shell_exec,…

  • CVE-2026-27482Feb 21, 2026
    risk 0.00cvss epss 0.00

    Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page…