CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,319 vulnerabilities with CWE-287
CVE-2026-48114 CRITICAL
Metacat has an unauthenticated SQL injection vulnerability
CVSS 9.8
CVE-2026-12183 CRITICAL
Nefteprodukttekhnika LLC Buk Ts-g Gas Station Automation System < 2.10.2 - Improper Authentication
CVSS 9.8
CVE-2026-50623 MEDIUM
Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService
CVSS 6.5
CVE-2026-48611 CRITICAL
phpBB < 3.3.16 - Improper Authentication
CVSS 9.8
CVE-2026-40995 MEDIUM
X.509 authentication bypasses Spring Security account checks
CVSS 5.4
CVE-2026-47166 MEDIUM
ImageMagick: Heap Buffer Over-Read in distributed pixel cache server
CVSS 5.7
CVE-2026-46705 MEDIUM
russh server userauth state is not reset when authentication principal changes
CVSS 5.3
CVE-2026-45567 HIGH
Roxy-WI: Authentication bypass via 'api' substring in URL + unauthenticated /api/gpt
CVSS 8.3
CVE-2026-47838 MEDIUM
Unauthorized User Impersonation when Using X.509 Client Certificates
CVSS 6.8
CVE-2026-36727 CRITICAL
bookcars 8.3 - Unauthenticated Authentication Bypass via Forged JWT Token
CVSS 9.1
CVE-2026-49848 MEDIUM
FreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto`
CVSS 4.3
CVE-2026-49843 MEDIUM
FreeSWITCH: Pre-authentication session eviction via attacker-chosen `sessid` in `mod_verto`
CVSS 5.3
CVE-2026-44810 HIGH
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVSS 8.4
CVE-2026-41720 HIGH
Authentication Bypass with Empty Password in Spring LDAP
CVSS 7.4
CVE-2026-11618 HIGH
DTStack Taier Source Connection Test Endpoint LoginInterceptor.java preHandle improper authentication
CVSS 7.3
CVE-2026-50751 CRITICAL KEV
Check Point Quantum/Spark Gateways - Unauthenticated VPN Authentication Bypass
CVSS 9.3
CVE-2026-34123 HIGH
Whitelist Validation Bypass in TP-Link Tapo C520WS
CVE-2026-46389 CRITICAL
UDS Identity Config 0.11.0-0.26.0 - Client Authentication Bypass
CVSS 10.0
CVE-2026-11345 MEDIUM
Improper Authentication Bypass in linqi CDN File Access
CVE-2026-6274 CRITICAL
Authentication Bypass in DTS Electronics' Redline WR3200
CVSS 9.8
CVE-2026-49203 HIGH
Acer Connect M6E 5G Portable WiFi Router - Unauthenticated eSIM Configuration Manipulation
CVSS 8.3
CVE-2026-49202 HIGH
Acer Connect M6E 5G Portable WiFi Router - Unverified Meeting Recording Endpoints & Permissive CORS
CVSS 8.6
CVE-2026-49194 HIGH
Acer Connect M6E 5G Portable WiFi Router - SCREEN_CLICK Authentication Bypass
CVSS 8.8
CVE-2026-49191 CRITICAL
Acer Connect M6E 5G Portable WiFi Router - Exposed Hard-Coded M3WebServer Backend API Key
CVSS 9.8
CVE-2026-49186 CRITICAL
Acer Connect M6E 5G Portable WiFi Router - Lack of MQTT Broker Topic Access Control Lists
CVSS 9.8