CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,319 vulnerabilities with CWE-287
CVE-2026-27968 MEDIUM
packistry < 0.13.0 - Improper Authentication via Expired Deploy Token
CVSS 4.3
CVE-2026-3194 MEDIUM
Chia Blockchain 2.1.0 - Auth Bypass
CVSS 4.5
CVE-2026-3192 MEDIUM
Chia Blockchain 2.1.0 - Auth Bypass
CVSS 5.6
CVE-2026-20129 CRITICAL
Cisco Catalyst SD-WAN Manager - Auth Bypass
CVSS 9.8
CVE-2026-20127 CRITICAL KEV
Cisco Catalyst SD-WAN - Auth Bypass
CVSS 10.0
CVE-2026-27611 MEDIUM
FileBrowser Quantum <1.1.3/1.2.6 - Auth Bypass
CVSS 6.5
CVE-2026-24241 MEDIUM
NVIDIA Delegated Licensing Service - Auth Bypass
CVSS 4.3
CVE-2026-3053 HIGH
DataLinkDC dinky <1.2.5 - Auth Bypass
CVSS 7.3
CVE-2026-27197 CRITICAL
Sentry 21.12.0-26.1.0 - Auth Bypass
CVSS 9.1
CVE-2026-27134 HIGH
Strimzi 0.49.0-0.50.0 - Auth Bypass
CVSS 8.1
CVE-2026-1368 HIGH
Zoom WordPress Plugin <4.6.6 - Auth Bypass
CVSS 7.5
CVE-2026-26119 HIGH
Windows Admin Center - Privilege Escalation
CVSS 8.8
CVE-2026-25922 HIGH
authentik <2025.8.6, 2025.10.4, 2025.12.4 - SSRF
CVSS 8.8
CVE-2026-25748 HIGH
authentik <2025.10.4, <2025.12.4 - Auth Bypass
CVSS 8.6
CVE-2026-20655 MEDIUM
iPadOS < 18.7.5 - Unauthenticated Sensitive User Information Exposure via Locked Device
CVSS 5.5
CVE-2026-2249 CRITICAL
METIS DFS <oscore 2.1.234-r18 - RCE
CVSS 9.8
CVE-2026-2248 CRITICAL
METIS WIC <= oscore 2.1.234-r18 - RCE
CVSS 9.8
CVE-2026-21508 HIGH
Windows 10/11 Privilege Escalation via Untrusted Search Path
CVSS 7.0
CVE-2026-23906 CRITICAL
Apache Druid 0.17.0-35.x - Authentication Bypass via LDAP Anonymous Bind
CVSS 9.8
CVE-2026-25893 CRITICAL
FUXA < 1.2.10 - Unauthenticated Authentication Bypass via Heartbeat Refresh API
CVSS 9.8
CVE-2026-2174 HIGH
Contact Management System 1.0 - Improper Authentication via CRUD Endpoint ID Argument
CVSS 7.3
CVE-2026-2165 HIGH
detronetdip E-commerce 1.0.0 - Info Disclosure
CVSS 7.3
CVE-2026-25804 CRITICAL
antrea < 2.3.2 - Incorrect Traffic Enforcement via OpenFlow Priority Calculation Overflow
CVSS 9.1
CVE-2026-2065 MEDIUM
Flycatcher Toys smART Pixelator 2.0 - Auth Bypass
CVSS 6.3
CVE-2026-1568 CRITICAL
Rapid7 InsightVM <8.34.0 - Privilege Escalation
CVSS 9.6