CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,195 vulnerabilities with CWE-287
CVE-2026-34121 HIGH
Authentication Bypass in DS Configuration Service via HTTP Request Parsing Differential of TP-Link Tapo C520WS
CVSS 8.8
CVE-2026-33746 CRITICAL
Convoy: JWT Signature Verification Bypass Allows Authentication as Arbitrary Users
CVSS 9.8
CVE-2026-5320 HIGH
vanna-ai vanna Chat API Endpoint v2 missing authentication
CVSS 7.3
CVE-2026-4101 HIGH
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
CVSS 8.1
CVE-2026-34873 CRITICAL
Mbed TLS 3.5.0-4.0.0 - Client Impersonation
CVSS 9.1
CVE-2026-34531 MEDIUM
Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client
CVSS 6.5
CVE-2026-34072 HIGH
cronmaster: Middleware authentication bypass enabling unauthorized page access and server-action execution
CVSS 8.3
CVE-2026-4829 MEDIUM
Devolutions Server <=2026.1.11 - Privilege Escalation
CVSS 5.4
CVE-2026-34204 HIGH
MinIO is Vulnerable to SSE Metadata Injection via Replication Headers
CVSS 7.1
CVE-2026-31946 CRITICAL
OpenOLAT: Authentication bypass via forged JWT in OIDC implicit flow
CVSS 9.8
CVE-2026-0558 CRITICAL
Unauthenticated File Upload in parisneo/lollms
CVSS 9.8
CVE-2026-5000 HIGH
PromtEngineer localGPT API Endpoint server.py LocalGPTHandler missing authentication
CVSS 7.3
CVE-2026-34389 MEDIUM
Fleet's user account creation via invite does not enforce invited email address
CVSS 6.5
CVE-2026-4959 HIGH
OpenBMB XAgent ShareServer WebSocket Endpoint share.py check_user missing authentication
CVSS 7.3
CVE-2026-27856 HIGH
OX Dovecot Pro <2.3.0 - Timing Oracle
CVSS 7.4
CVE-2026-33898 HIGH
Local Incus UI web server vulnerable to authentication bypass
CVSS 8.8
CVE-2026-4831 LOW
kalcaddle kodbox Password-protected Share auth.class.php can improper authentication
CVSS 3.7
CVE-2026-33248 MEDIUM
NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching
CVSS 4.2
CVE-2026-33246 MEDIUM
NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers
CVSS 6.4
CVE-2026-33665 HIGH
n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover
CVSS 7.5
CVE-2026-33215 MEDIUM
NATS is vulnerable to MQTT hijacking via Client ID
CVSS 6.5
CVE-2026-33322 CRITICAL
MinIO: JWT Algorithm Confusion in OIDC Authentication
CVSS 9.8
CVE-2026-33314 MEDIUM
pyload-ng: Improper Authentication and Origin Validation Error
CVSS 6.5
CVE-2026-33409 CRITICAL
Parse Server: Auth provider validation bypass on login via partial authData
CVSS 9.1
CVE-2026-33473 MEDIUM
Vikunja has TOTP Reuse During Validity Window
CVSS 5.7
Details
Vulnerabilities 4,195
Exploit Likelihood High