When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,319 vulnerabilities with CWE-287
CVE-2026-26141
HIGH
Azure Automation Hybrid Worker Windows Extension < 1.3.74 - Privilege Escalation via Improper Authentication
CVSS 7.8
CVE-2026-26128
HIGH
Windows SMB Server - Privilege Escalation
CVSS 7.8
CVE-2026-24294
HIGH
Windows SMB Server - Privilege Escalation
CVSS 7.8
CVE-2026-0953
CRITICAL
Tutor LMS Pro <= 3.9.5 - Unauthenticated Authentication Bypass via Social Login Email Mismatch
CVSS 9.8
CVE-2026-3794
HIGH
doramart DoraCMS 3.0.x - Auth Bypass
CVSS 7.3
CVE-2026-3739
MEDIUM
suitenumerique messages 0.2.0 - Auth Bypass
CVSS 6.3
CVE-2026-30863
CRITICAL
Parse Server <8.6.10/9.5.0-alpha.11 - Auth Bypass
CVSS 9.8
CVE-2026-30851
HIGH
Caddy 2.10.0-2.11.1 - Privilege Escalation
CVSS 8.1
CVE-2026-29193
HIGH
Zitadel 4.0.0-4.12.0 - Improper Authentication via Login V2 UI
CVSS 8.2
CVE-2026-30223
HIGH
olivetin < 3000.11.1 - Insufficient JWT Audience Verification
CVSS 8.8
CVE-2026-30831
CRITICAL
Rocket.Chat < 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, 8.2.0 - Authentication Bypass
CVSS 9.8
CVE-2026-28514
CRITICAL
Rocket.Chat < 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, 8.0.0 - Authentication Bypass
CVSS 9.8
CVE-2026-28800
MEDIUM
Natro Macro <1.1.0 - Unauthenticated RCE
CVSS 6.4
CVE-2026-28787
HIGH
OneUptime < 10.0.11 - Authentication Bypass via WebAuthn Challenge Replay
CVSS 8.2
CVE-2026-28428
MEDIUM
Talishar < a9c218efa37756c9e7eed056fbff6ee03f79aefc - Unauthenticated Authentication Bypass via Empty authKey Parameter
CVSS 5.3
CVE-2026-29093
HIGH
WWBN AVideo <24.0 - Session Hijacking
CVSS 8.1
CVE-2026-28471
MEDIUM
OpenClaw 2026.1.14-1-2026.2.2 - Improper Authentication via Display Name and Localpart Matching
CVSS 5.3
CVE-2026-3224
CRITICAL
Devolutions Server <2025.3.15.0 - Auth Bypass
CVSS 9.8
CVE-2026-24898
CRITICAL
OpenEMR < 8.0.0 - Unauthenticated Token Disclosure via MedEx Callback Endpoint
CVSS 10.0
CVE-2026-23600
CRITICAL
HPE AutoPass License Server - Auth Bypass
CVE-2026-28408
CRITICAL
WeGIA < 3.6.5 - Unauthenticated Improper Authentication via adicionar_tipo_docs_atendido.php
CVSS 9.8
CVE-2026-27939
HIGH
Statamic 6.0.0-6.3.9 - Privilege Escalation
CVSS 8.8
CVE-2026-1305
MEDIUM
Japanized for WooCommerce <=2.8.4 - Auth Bypass
CVSS 5.3
CVE-2026-28215
CRITICAL
hoppscotch < 2026.2.0 - Unauthenticated Infrastructure Configuration Overwrite via Onboarding Endpoint
CVSS 9.1
CVE-2026-26077
MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - Auth Bypass
CVSS 6.5
Details
Vulnerabilities: 4,319
Exploit Likelihood: High