CWE-306

High likelihood

Missing Authentication for Critical Function

Parent: CWE-287 - Improper Authentication

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

2,205 vulnerabilities with CWE-306
CVE-2026-5632 HIGH
assafelovic gpt-researcher HTTP REST API Endpoint missing authentication
CVSS 7.3
CVE-2026-5616 HIGH
JeecgBoot AI Chat JeecgBizToolsProvider.java missing authentication
CVSS 7.3
CVE-2026-4272 HIGH
Honeywell Barcode Scanners - Auth Bypass
CVSS 8.1
CVE-2026-34952 CRITICAL
PraisonAI: Missing Authentication in WebSocket Gateway
CVSS 9.1
CVE-2026-32646 HIGH
Gardyn Cloud API Missing Authentication for Critical Function
CVSS 7.5
CVE-2026-28767 MEDIUM
Gardyn Cloud API Missing Authentication for Critical Function
CVSS 5.3
CVE-2026-28766 CRITICAL
Gardyn Cloud API Missing Authentication for Critical Function
CVSS 9.3
CVE-2026-0545 CRITICAL
Missing Authentication for Critical Function in mlflow/mlflow
CVSS 9.8
CVE-2026-32211 CRITICAL
Azure MCP Server Information Disclosure Vulnerability
CVSS 9.1
CVE-2026-35053 CRITICAL
OneUptime: Unauthenticated Workflow Execution via ManualAPI
CVSS 9.8
CVE-2026-34758 CRITICAL
OneUptime: Missing Authentication on Notification Endpoints
CVSS 9.1
CVE-2026-33951 HIGH
signalk-server: Unauthenticated Source Priorities Manipulation
CVSS 7.5
CVE-2026-29132 HIGH
ESWmail-Verify Bypass
CVSS 7.5
CVE-2026-5320 HIGH
vanna-ai vanna Chat API Endpoint v2 missing authentication
CVSS 7.3
CVE-2026-21767 MEDIUM
HCL BigFix Platform is affected by insufficient authentication
CVSS 4.0
CVE-2026-34072 HIGH
cronmaster: Middleware authentication bypass enabling unauthorized page access and server-action execution
CVSS 8.3
CVE-2026-34999 MEDIUM
OpenViking 0.2.5 < 0.2.14 Bot Proxy Endpoints Allow Unauthenticated Access
CVSS 5.3
CVE-2026-4370 CRITICAL
Improper TLS Client/Server authentication and certificate verification on Database Cluster
CVSS 10.0
CVE-2026-34732 MEDIUM
AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints
CVSS 5.3
CVE-2026-34731 HIGH
AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php
CVSS 7.5
CVE-2026-1579 CRITICAL
PX4 Autopilot Missing authentication for critical function
CVSS 9.8
CVE-2026-3356 CRITICAL
Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor
CVE-2026-34227 HIGH
Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface
CVSS 8.8
CVE-2026-34200 HIGH
Nhost CLI MCP Server: Missing Inbound Authentication on Explicitly Bound Network Port
CVSS 7.5
CVE-2026-34162 CRITICAL
FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft
CVSS 10.0
Details
Vulnerabilities 2,205
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits