CWE-303

Incorrect Implementation of Authentication Algorithm

Parent: CWE-1390 - Weak Authentication

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

84 vulnerabilities with CWE-303
CVE-2026-46389 (CRITICAL, CVSS 10.0): UDS Identity Config 0.11.0-0.26.0 - Client Authentication Bypass
CVE-2026-8922 (MEDIUM, CVSS 5.4): Org.keycloak/keycloak-services: keycloak: org.keycloak.protocol.oidc: security flaw in org.keycloak/keycloak-services
CVE-2026-41103 (CRITICAL, CVSS 9.1): Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
CVE-2026-43640 (HIGH, CVSS 8.1): Bitwarden Server < 2026.4.1 Authentication Bypass via SCIM API Key
CVE-2026-33190 (HIGH, CVSS 7.5): CoreDNS TSIG authentication bypass on encrypted DNS transports
CVE-2026-0073 (HIGH, CVSS 8.8): Google Android <16-qpr2 - Auth Bypass
CVE-2026-27656 (MEDIUM, CVSS 5.7): Account Takeover via Substring Matching in OpenID Connect Authentication
CVE-2026-32953 (MEDIUM, CVSS 4.6): Tillitis TKey Client <1.3.0 User Secrets - Protocol Implementation Error
CVE-2026-29515 (CRITICAL, CVSS 9.8): MiCode FileExplorer - Unauthenticated Authentication Bypass in SwiFTP FTP Server
CVE-2026-28446 (CRITICAL, CVSS 9.4): OpenClaw < 2026.2.2 - Authentication Bypass via Empty Caller ID or Suffix Matching
CVE-2026-0999 (MEDIUM, CVSS 5.4): Mattermost 11.1.x-11.1.2 - Auth Bypass
CVE-2025-14510 (HIGH, CVSS 8.1): ABB Ability OPTIMAX <6.3.1-251120, <6.4.1-251120 - Incorrect Implem...
CVE-2025-4676 (HIGH, CVSS 8.8): ABB WebPro SNMP Card PowerValue <1.1.8.K - Auth Bypass
CVE-2025-14273 (HIGH, CVSS 7.2): Mattermost <11.1.0, 10.12.3, 10.11.7 - Auth Bypass
CVE-2025-66489 (CRITICAL, CVSS 9.8): Cal.com < 5.9.8 - Authentication Bypass via TOTP Code
CVE-2025-13390 (CRITICAL, CVSS 10.0): WP Directory Kit <= 1.4.4 - Unauthenticated Authentication Bypass via Weak Auto-Login Token
CVE-2025-12421 (CRITICAL, CVSS 9.9): Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
CVE-2025-12419 (CRITICAL, CVSS 9.9): Mattermost <10.12.1, 10.11.4, 10.5.12, 11.0.3 - Open Redirect
CVE-2025-63210 (CRITICAL, CVSS 9.8): Newtec Celox UHD CELOXA504 and CELOXA820 Firmware - Authentication Bypass via /celoxservice Response Injection
CVE-2025-53782 (HIGH, CVSS 8.4): Microsoft Exchange Server - Privilege Escalation
CVE-2025-61783 (MEDIUM): Python Social Auth <5.6.0 - Info Disclosure
CVE-2025-43727 (HIGH, CVSS 7.5): Dell PowerProtect Data Domain - Auth Bypass
CVE-2025-57808 (HIGH, CVSS 8.1): ESPHome < 2025.8.1 - Unauthenticated Authentication Bypass via Empty or Substring Authorization Header
CVE-2025-8881 (MEDIUM, CVSS 6.5): Google Chrome < 139.0.7258.127 - Cross-Origin Data Leak via File Picker
CVE-2025-43856 (HIGH): immich < 1.132.0 - Account Hijacking via OAuth2 State Parameter Mismatch