CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,318 vulnerabilities with CWE-285
CVE-2026-30793 CRITICAL
RustDesk Client <=1.4.5 - CSRF to Privilege Escalation
CVSS 9.8
CVE-2026-27803 HIGH
Vaultwarden <1.35.4 - Privilege Escalation
CVSS 8.3
CVE-2026-0017 HIGH
BiometricService.java - Privilege Escalation
CVSS 7.7
CVE-2026-3265 MEDIUM
go2ismail free-crm < 2025-09-21 - Improper Authorization in Security API
CVSS 6.3
CVE-2026-3263 MEDIUM
Asp.Net-Core-Inventory-Order-Management-System <9.20250118 - Auth B...
CVSS 6.3
CVE-2026-2694 MEDIUM
The Events Calendar <6.15.16 - Privilege Escalation
CVSS 5.4
CVE-2026-24890 HIGH
OpenEMR < 8.0.0 - Authenticated Authorization Bypass via Patient Portal Signature Endpoint
CVSS 8.1
CVE-2026-3185 MEDIUM
sz-boot-parent <=1.3.2-beta - Auth Bypass
CVSS 5.3
CVE-2026-2974 LOW
AliasVault App <0.25.3 - Info Disclosure
CVSS 2.5
CVE-2026-2896 HIGH
funadmin <7.1.0-rc4 - Privilege Escalation
CVSS 7.3
CVE-2026-2860 MEDIUM
feng_ha_ha/megagao ssm-erp - Auth Bypass
CVSS 6.3
CVE-2026-2733 LOW
Keycloak - Improper Authorization via Docker v2 Authentication Endpoint
CVSS 3.8
CVE-2026-2693 MEDIUM
CoCoTeaNet CyreneAdmin <1.3.0 - Auth Bypass
CVSS 4.3
CVE-2026-2676 MEDIUM
GoogTech sms-ssm - Improper Authorization in LoginInterceptor API Interface
CVSS 6.3
CVE-2026-26020 HIGH
AutoGPT Platform < 0.6.48 - Disabled Block Remote Code Execution
CVSS 8.8
CVE-2026-20666 MEDIUM
macOS Tahoe <26.3 - Info Disclosure
CVSS 5.5
CVE-2026-20661 MEDIUM
iPadOS < 18.7.5 - Unauthenticated Sensitive User Information Exposure via Locked Device
CVSS 4.6
CVE-2026-20656 LOW
Safari < 26.3 - Unauthorized Access to User History
CVSS 3.3
CVE-2026-25999 HIGH
Klaw <2.10.2 - Privilege Escalation
CVSS 7.1
CVE-2026-25893 CRITICAL
FUXA < 1.2.10 - Unauthenticated Authentication Bypass via Heartbeat Refresh API
CVSS 9.8
CVE-2026-25885 HIGH
PolarLearn 0-PRERELEASE-16 - Unauthenticated Group Chat Access via WebSocket
CVSS 7.5
CVE-2026-25809 CRITICAL
PlaciPy 1.0.0 - Improper Authorization in Code Evaluation Endpoint
CVSS 9.8
CVE-2026-2141 MEDIUM
WuKongOpenSource WukongCRM <11.3.3 - Auth Bypass
CVSS 6.3
CVE-2026-2209 MEDIUM
Wekan < 8.19 - Incorrect Privilege Assignment in Custom Translation Handler
CVSS 6.3
CVE-2026-2109 MEDIUM
jsbroks COCO Annotator <0.11.1 - Auth Bypass
CVSS 5.4