CWE-287

Exploit likelihood: High

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,319 vulnerabilities with CWE-287
CVE-2026-46840 CRITICAL
Oracle REST Data Services 24.2.0-26.1.0 - Unauthenticated Remote Code Execution via HTTPS
CVSS 10.0
CVE-2026-46827 HIGH
Oracle Payroll 12.2.3-12.2.15 - Authenticated Remote Code Execution in Self Service Manager
CVSS 8.8
CVE-2026-46817 CRITICAL
Oracle Payments 12.2.3-12.2.15 - Unauthenticated Remote Code Execution via File Transmission
CVSS 9.8
CVE-2026-48526 HIGH
PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed
CVSS 7.4
CVE-2026-8979 CRITICAL
Mennekes Amtron < 5.22.3 - Authentication Bypass
CVE-2026-44720 MEDIUM
OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover
CVE-2026-44711 HIGH
pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption
CVSS 7.9
CVE-2026-47272 HIGH
pam_usb: OTP pad authentication bypass via missing system pad check and uninitialized RNG buffer
CVSS 7.1
CVE-2026-44460 HIGH
FileRise: TOTP Bypass via Setup Endpoint Disclosing Existing Secret
CVSS 7.4
CVE-2026-7876 CRITICAL
Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration
CVSS 9.1
CVE-2026-8994 HIGH
Login with NEAR <= 0.3.3 - Authentication Bypass via 'account' Parameter
CVSS 8.1
CVE-2026-44847 HIGH
MaxKB: Webhook Trigger Authentication Bypass
CVSS 7.5
CVE-2026-47202 CRITICAL
Kavita: Pre-Auth Account Takeover
CVE-2026-44707 MEDIUM
Chatwoot: Pre-Account Takeover via OAuth on Unconfirmed Accounts
CVSS 6.8
CVE-2026-48897 HIGH
Joomla! Core - [20260512] - MFA Authentication Bypass
CVSS 7.5
CVE-2026-48896 HIGH
Joomla! Core - [20260511] - MFA Authentication Bypass
CVSS 7.5
CVE-2026-9398 LOW
Besen BS20 EV Charging Station BLE/WiFi authentication replay
CVSS 3.1
CVE-2026-9373 LOW
JeecgBoot OpenAPI Endpoint call improper authentication
CVSS 3.7
CVE-2026-9371 MEDIUM
ItzCrazyKns Vane API route.ts missing authentication
CVSS 5.6
CVE-2026-47280 CRITICAL
Azure Resource Manager Elevation of Privilege Vulnerability
CVSS 10.0
CVE-2026-41076 HIGH
RT: LDAP authentication bypass via empty password
CVSS 8.1
CVE-2026-39969 MEDIUM
TypeBot: WhatsApp Webhook Endpoint Missing Signature Verification
CVSS 6.5
CVE-2026-32253 CRITICAL
Sunshine: Authentication bypass via improper client certificate validation
CVSS 9.8
CVE-2026-44058 HIGH
Netatalk 2.2.2-4.4.2 - Authentication Bypass via Admin Auth User Mechanism
CVSS 7.2
CVE-2026-40165 HIGH
authentik: SAML NameID XML Comment Injection Enables Authentication Bypass via Identifier Truncation
CVSS 8.7