CWE-863

Exploit likelihood: High

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,047 vulnerabilities with CWE-863
CVE-2026-21621 MEDIUM
hexpm hexpm/hexpm - Privilege Escalation
CVSS 5.3
CVE-2026-3009 HIGH
Keycloak < 26.5.5 - Incorrect Authorization via Disabled Identity Provider Bypass
CVSS 8.1
CVE-2026-3236 MEDIUM
Octopus Server - Privilege Escalation
CVSS 4.3
CVE-2026-29127 HIGH
datacast SFX2100 Firmware - Improper Privilege Management via Overly Permissive Home Directory Permissions
CVSS 7.8
CVE-2026-29126 HIGH
International Data Casting SFX2100 Satellite Receiver - Local Privilege Escalation via World-Writable DHCP Event Script
CVSS 7.8
CVE-2026-27803 HIGH
Vaultwarden <1.35.4 - Privilege Escalation
CVSS 8.3
CVE-2026-27802 HIGH
Vaultwarden <1.35.4 - Privilege Escalation
CVSS 8.3
CVE-2026-26949 MEDIUM
Dell DDMA <26.02 - Privilege Escalation
CVSS 5.5
CVE-2026-3103 MEDIUM
Checkmk <2.4.0p23/<2.3.0p43/2.2.0 - DoS
CVSS 5.4
CVE-2026-3136 CRITICAL
Google Cloud Build <2026-1-26 - Auth Bypass
CVSS 9.8
CVE-2026-28354 MEDIUM
ClipBucket <5.5.3 #59 - Privilege Escalation
CVSS 6.5
CVE-2026-2293 CRITICAL
NestJS platform-fastify < 11.1.14 - Authentication Bypass via Fastify Path Normalization
CVSS 9.8
CVE-2026-27653 MEDIUM
Soliton Systems K.K. Installers - Privilege Escalation
CVSS 6.7
CVE-2026-28227 LOW
Discourse < 2025.12.2, 2026.1.1, 2026.2.0 - Incorrect Authorization via Topic Timer
CVSS 2.7
CVE-2026-27153 LOW
Discourse <2025.12.2/2026.1.1/2026.2.0 - Info Disclosure
CVSS 2.7
CVE-2026-25741 HIGH
Zulip <bf28c82 - Privilege Escalation
CVSS 7.1
CVE-2026-26973 MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - IDOR
CVSS 4.3
CVE-2026-26265 HIGH
Discourse <2025.12.2 - Info Disclosure
CVSS 7.5
CVE-2026-25963 MEDIUM
Fleet <4.80.1 - Privilege Escalation
CVSS 6.5
CVE-2026-27899 HIGH
WireGuard Portal <2.1.3 - Privilege Escalation
CVSS 8.8
CVE-2026-24487 MEDIUM
OpenEMR < 8.0.0 - Unauthenticated Authorization Bypass in FHIR CareTeam Endpoint
CVSS 6.5
CVE-2026-27607 HIGH
RustFS 1.0.0-alpha.56-82 - Auth Bypass
CVSS 8.1
CVE-2026-25127 MEDIUM
OpenEMR <8.0.0 - Privilege Escalation
CVSS 6.5
CVE-2026-1768 MEDIUM
Devolutions Server <2025.3.15 - Auth Bypass
CVSS 4.3
CVE-2026-23984 MEDIUM
Apache Superset <6.0.0 - Auth Bypass
CVSS 6.5