CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,195 vulnerabilities with CWE-287
CVE-2026-35903 CRITICAL
MERCURY MIPC252W 1.0.5 - Auth Bypass
CVSS 9.8
CVE-2026-41081 MEDIUM
Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure
CVSS 6.5
CVE-2026-7113 MEDIUM
NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication
CVSS 5.6
CVE-2026-7112 MEDIUM
NousResearch hermes-agent API_SERVER_KEY api_server.py _check_auth improper authentication
CVSS 5.6
CVE-2026-7042 HIGH
666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication
CVSS 7.3
CVE-2026-7022 HIGH
SmythOS sre HTTP Header AgentRuntime.class.ts AgentRuntime improper authentication
CVSS 7.3
CVE-2026-41428 CRITICAL
Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints
CVSS 9.1
CVE-2026-42041 MEDIUM
Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy
CVSS 4.8
CVE-2026-41276 CRITICAL
Flowise: AccountService resetPassword Authentication Bypass Vulnerability
CVSS 9.8
CVE-2026-41679 CRITICAL
Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass
CVSS 10.0
CVE-2026-41145 HIGH
MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads
CVSS 8.2
CVE-2026-40344 HIGH
MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads
CVSS 8.2
CVE-2026-40946 CRITICAL
Oxia: OIDC token audience validation bypass via SkipClientIDCheck
CVE-2026-40910 MEDIUM
frp: Authentication bypass in frp HTTP vhost routing when routeByHTTPUser is used for access control
CVSS 6.5
CVE-2026-6729 MEDIUM
HKUDS OpenHarness Session Key Collision Privilege Escalation
CVSS 6.3
CVE-2026-33432 CRITICAL
Roxy-WI has Pre-Authentication LDAP Injection that Leads to Authentication Bypass
CVSS 9.1
CVE-2026-6635 HIGH
rowboatlabs rowboat tools_webhook app.py tool_call improper authentication
CVSS 7.3
CVE-2026-6588 MEDIUM
serge-chat serge Model API Endpoint model.py delete_model missing authentication
CVSS 6.5
CVE-2026-6582 HIGH
TransformerOptimus SuperAGI Vector Database Management Endpoint vector_dbs.py get_vector_db_details missing authentication
CVSS 7.3
CVE-2026-6579 MEDIUM
liangliangyy DjangoBlog Clean Endpoint views.py missing authentication
CVSS 6.5
CVE-2026-6577 HIGH
liangliangyy DjangoBlog logtracks Endpoint views.py missing authentication
CVSS 7.3
CVE-2026-6569 HIGH
kodcloud KodExplorer fileGet Endpoint share.class.php improper authentication
CVSS 7.3
CVE-2026-32072 MEDIUM
Active Directory Spoofing Vulnerability
CVSS 6.2
CVE-2026-23708 HIGH
FortiSOAR PaaS 7.6.0-7.6.3 - Auth Bypass
CVSS 7.5
CVE-2026-6129 HIGH
zhayujie chatgpt-on-wechat CowAgent Agent Mode Service missing authentication
CVSS 7.3