Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,140 vulnerabilities with CWE-862

CVE-2026-45242 HIGH

Summarize < 0.15.1 Path Traversal via slidesDir Parameter

CVE-2026-5163 MEDIUM

Missing authorization check in AI message rewrite endpoint allows access to private thread content

CVE-2026-3117 MEDIUM

Instance and webhook GitLab plugin commands were able to be run by non-admin users

CVE-2026-3637 MEDIUM

Mattermost fails to enforce create_post permission when editing posts

CVE-2026-1631 MEDIUM

Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion

CVE-2026-8681 MEDIUM

Essential Chat Support <= 1.0.1 - Missing Authorization to Unauthenticated Settings Reset via 'ecs_reset_settings' Parameter

CVE-2026-45667 MEDIUM

Open WebUI Memories Endpoint - Unauthenticated Embedding Generation DoS

CVE-2026-45350 HIGH

Open WebUI: Chat completion API allows tool restrictions to be bypassed

CVE-2026-44571 MEDIUM

Open WebUI: Improper Authorization in Standard Channels Allows Message Updates with Read Permission

CVE-2026-44569 HIGH

Open WebUI: Insecure Message Access Breaks Authorization

CVE-2026-45395 HIGH

Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution

CVE-2026-45399 HIGH

Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption

CVE-2026-44563 MEDIUM

Open WebUI: Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show

CVE-2026-44562 MEDIUM

Open WebUI: Model Import Overwrites Any Model Without Ownership Check

CVE-2026-44560 MEDIUM

Open WebUI: Unauthorized File and Knowledge Base Content Access via RAG Vector Search

CVE-2026-44559 MEDIUM

Open WebUI: Missing Access Check on Channel Members Endpoint for Standard Channels

CVE-2026-44558 MEDIUM

Open WebUI: Channel Access Grants Bypass filter_allowed_access_grants

CVE-2026-44556 HIGH

Open WebUI: responses passthrough endpoint lacks access control authorization

CVE-2026-44555 HIGH

Open WebUI: Base Model Routing Bypasses Access Control via Model Chaining

CVE-2026-44554 HIGH

Open WebUI: Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite

CVE-2026-44550 MEDIUM

Open WebUI: Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts

CVE-2026-46365 MEDIUM

phpMyFAQ - Missing Authorization in Tag Deletion Endpoint

CVE-2026-45007 MEDIUM

phpMyFAQ - Missing Permission Check on 12 Configuration API Endpoints Allows Information Disclosure

CVE-2026-44719 MEDIUM

Mathesar: Missing collaborator checks allowed access to database-scoped Mathesar metadata

CVE-2026-44718 MEDIUM

Mathesar: Missing collaborator checks allowed access to saved explorations in other databases

Previous Page 12 of 326 Next

Details

Vulnerabilities 8,140

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy