Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

2,832 vulnerabilities with CWE-863

CVE-2026-43504 MEDIUM

Prosody <0.12.6, 1.0.0-13.0.0 <13.0.5 - Auth Bypass

CVE-2026-43001 HIGH

OpenStack Keystone 13-29 - Privilege Escalation

CVE-2026-41174 MEDIUM

Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding

CVE-2026-5712 HIGH

IdentityIQ Role Editor Incorrect Authorization Vulnerability

CVE-2026-42432 HIGH

OpenClaw < 2026.4.8 - Command Escalation via Node Pairing Reconnect Bypass

CVE-2026-42431 HIGH

OpenClaw < 2026.4.8 - Persistent Profile Mutation via node.invoke(browser.proxy) Bypass

CVE-2026-42429 HIGH

OpenClaw < 2026.4.8 - Privilege Escalation via Gateway Plugin HTTP Authentication

CVE-2026-42426 HIGH

OpenClaw < 2026.4.8 - Improper Authorization in node.pair.approve via operator.write Scope

CVE-2026-42422 HIGH

OpenClaw < 2026.4.8 - Role Bypass in device.token.rotate Function

CVE-2026-41910 MEDIUM

OpenClaw < 2026.4.8 - Missing Owner-Only Enforcement in /allowlist Cross-Channel Writes

CVE-2026-41404 HIGH

OpenClaw < 2026.3.31 - Operator Admin Privilege Escalation via Trusted-Proxy Authentication

CVE-2026-41381 MEDIUM

OpenClaw < 2026.3.31 - Access Control Bypass in Discord Voice Manager via Channel Allowlist

CVE-2026-41379 HIGH

OpenClaw < 2026.3.28 - Privilege Escalation via chat.send to Admin-Class Talk Voice Config

CVE-2026-41375 MEDIUM

OpenClaw < 2026.3.28 - Authorization Bypass in /phone arm and /phone disarm Endpoints

CVE-2026-41371 HIGH

OpenClaw < 2026.3.28 - Privilege Escalation via chat.send Reset Command

CVE-2026-41367 MEDIUM

OpenClaw 2026.2.14 < 2026.3.28 - Policy Enforcement Bypass in Discord Component Interactions

CVE-2026-41248 CRITICAL

Official Clerk JavaScript SDKs: Middleware-based route protection bypass

CVE-2026-41427 HIGH

Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients

CVE-2026-30368 MEDIUM

Lightspeed Classroom 5.1.2.1763770643 - Auth Bypass

CVE-2026-25660 CRITICAL

Authentication bypass for certain API calls

CVE-2026-23902 HIGH

Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution.

CVE-2026-41068 HIGH

Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)

CVE-2026-41325 HIGH

Kirby is vulnerable to authorization bypass during page, file and user creation via blueprint injection

CVE-2026-40099 MEDIUM

Kirby's page creation API bypasses the changeStatus permission check via unfiltered isDraft parameter

CVE-2026-41350 MEDIUM

OpenClaw < 2026.3.31 - Session Visibility Bypass via session_status in Unsandboxed Invocations

Page 1 of 114 Next

Details

Vulnerabilities 2,832

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy