CWE-287

High likelihood

Improper Authentication

Parent: CWE-284 - Improper Access Control

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

4,319 vulnerabilities with CWE-287
CVE-2026-4587 LOW
HybridAuth SSL Curl.php certificate validation
CVSS 3.7
CVE-2026-4583 MEDIUM
Shenzhen HCC Technology MPOS M6 PLUS Bluetooth authentication replay
CVSS 5.0
CVE-2026-4582 MEDIUM
Shenzhen HCC Technology MPOS M6 PLUS Bluetooth missing authentication
CVSS 5.0
CVE-2026-4562 HIGH
MacCMS Timming API Endpoint Timming.php weak authentication
CVSS 7.3
CVE-2026-2756 MEDIUM
OmniPEMF NeoRhythm BLE missing authentication
CVSS 5.0
CVE-2026-32305 MEDIUM
Traefik mTLS bypass via fragmented ClientHello SNI extraction failure
CVSS 5.3
CVE-2026-33124 HIGH
Frigate has insecure password change functionality
CVSS 8.8
CVE-2026-4476 MEDIUM
Yi Technology YI Home Camera CGI Endpoint ipc missing authentication
CVSS 6.3
CVE-2026-32815 MEDIUM
SiYuan: Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure
CVE-2026-30836 CRITICAL
Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)
CVSS 10.0
CVE-2026-32730 HIGH
ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware
CVSS 8.1
CVE-2026-33042 MEDIUM
Parse Server affected by empty authData bypassing credential requirement on signup
CVSS 5.3
CVE-2026-2991 HIGH
KiviCare – Clinic & Patient Management System (EHR) <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token
CVSS 7.3
CVE-2026-25937 MEDIUM
GLPI 11.0.0-11.0.5 MFA - Authentication Bypass
CVSS 6.5
CVE-2026-4349 MEDIUM
Duende IdentityServer Token Renewal Endpoint authorize improper authentication
CVSS 5.6
CVE-2026-4252 CRITICAL
Tenda AC8 IPv6 check_is_ipv6 ip address for authentication
CVSS 9.8
CVE-2026-4187 MEDIUM
Tiandy Easy7 Integrated Management Platform 7.17.0 - Missing Authentication via Device Identifier Handler
CVSS 5.3
CVE-2026-21004 MEDIUM
Samsung Mobile Smart Switch < 3.7.69.15 - Denial of Service via Improper Authentication
CVSS 6.5
CVE-2026-32246 HIGH
tinyauth < 5.0.3 - Improper Authentication via OIDC Authorization Endpoint
CVSS 8.5
CVE-2026-32136 CRITICAL
AdGuard Home <0.107.73 - Auth Bypass
CVSS 9.8
CVE-2026-1524 CRITICAL
Neo4j Enterprise <2026.02 - Auth Bypass
CVSS 9.8
CVE-2026-23813 CRITICAL
HPE AOS-CX Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2026-30967 HIGH
Parse Server <9.5.2-alpha.9/8.6.22 - Auth Bypass
CVSS 8.8
CVE-2026-30949 HIGH
Parse Server <9.5.2-alpha.5/8.6.18 - Auth Bypass
CVSS 8.8
CVE-2026-29792 CRITICAL
Feathersjs 5.0.0-5.0.41 - Auth Bypass
CVSS 9.8
Details
Vulnerabilities 4,319
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits