CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,205 vulnerabilities with CWE-306
CVE-2026-39858 HIGH
Traefik: Forwarded alias spoofing top pre-auth decision bypass
CVE-2026-35514 MEDIUM
Unauthenticated Account Registration via /user/invited Bypasses All Signup Restrictions in Chartbrew
CVSS 6.5
CVE-2026-0204 HIGH
SonicWall SonicOS <=6.5.5.1-6n - Auth Bypass
CVSS 8.0
CVE-2026-41940 CRITICAL KEV
cPanel and WHM Authentication Bypass via Login Flow
CVSS 9.8
CVE-2026-3893 CRITICAL
Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function
CVSS 9.4
CVE-2026-5944 HIGH
Cisco Intersight Device Connector for Nutanix Prism Central Unauthenticated API Access
CVSS 8.2
CVE-2026-3323 HIGH
VEGA: Privilege escalation through unsecured configuration interface in VEGAPULS devices
CVSS 7.5
CVE-2026-41603 HIGH
Apache Thrift: Java TSSLTransportFactory hostname verification
CVSS 7.4
CVE-2026-7113 MEDIUM
NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication
CVSS 5.6
CVE-2026-7042 HIGH
666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication
CVSS 7.3
CVE-2026-41473 CRITICAL
CyberPanel < 2.4.4 Unauthenticated API Access via AI Scanner Endpoints
CVSS 9.1
CVE-2026-41477 HIGH
Deskflow: Local privilege escalation via unauthenticated IPC
CVSS 7.8
CVE-2026-6272 HIGH
Eclipse KUKSA - Databroker <0.6.0 - Privilege Escalation
CVE-2026-40620 CRITICAL
SenseLive X3050 Missing authentication for critical function
CVSS 9.8
CVE-2026-35064 HIGH
SenseLive X3050 Missing authentication for critical function
CVSS 7.5
CVE-2026-27843 CRITICAL
SenseLive X3050 Missing authentication for critical function
CVSS 9.1
CVE-2026-25775 CRITICAL
SenseLive X3050 Missing authentication for critical function
CVSS 9.8
CVE-2026-42095 MEDIUM
KDE Arianna <26.04.1 - Info Disclosure
CVSS 4.0
CVE-2026-6376 HIGH
Missing authentication for critical function in SpiceJet Online Booking System
CVE-2026-41273 HIGH
Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow
CVSS 8.2
CVE-2026-23751 CRITICAL
Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting
CVSS 9.8
CVE-2026-41179 CRITICAL
Rclone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
CVSS 9.8
CVE-2026-41176 CRITICAL
Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution
CVSS 9.8
CVE-2026-5749 HIGH
Inadequate access control vulnerability in Fullstep
CVE-2026-40344 HIGH
MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads
CVSS 8.2