CWE-863: Incorrect Authorization

Exploit likelihood: High

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,041 vulnerabilities with CWE-863 (CVSS shown as n/a where the listing gives no score)

CVE ID           Severity  CVSS  Title
CVE-2026-44882   HIGH      8.1   Portainer: Kubernetes middleware continues after token validation failure, bypassing endpoint authorization
CVE-2026-44850   HIGH      8.5   Portainer: Bind-mount restriction bypass via HostConfig.Mounts
CVE-2026-46823   HIGH      7.7   Oracle Public Sector Financials (International) 12.2.6-12.2.15 - Unauthorized Data Access via Authorization Component
CVE-2026-42070   MEDIUM    n/a   MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API
CVE-2026-45042   HIGH      n/a   RustFS: UploadPartCopy Does Not Enforce Destination Bucket Policy on Copy Source
CVE-2026-44394   MEDIUM    6.0   OpenStack Keystone - Incorrect Authorization
CVE-2026-43000   MEDIUM    6.0   OpenStack Keystone - Incorrect Authorization
CVE-2026-42999   MEDIUM    6.0   OpenStack Keystone - Incorrect Authorization
CVE-2026-42998   MEDIUM    6.0   OpenStack Keystone - Incorrect Authorization
CVE-2026-45297   MEDIUM    n/a   Cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch
CVE-2026-40914   MEDIUM    4.3   Apache ActiveMQ Artemis STOMP - Address Routing Authorization Bypass
CVE-2026-9807    MEDIUM    4.3   Incorrect Authorization in GitLab
CVE-2026-9791    MEDIUM    4.3   Keycloak-rhel9: organization data leak after feature disabled in Keycloak
CVE-2026-48064   HIGH      8.1   pam_usb: PAM_RHOST check skipped when deny_remote=false allows XDMCP authentication bypass
CVE-2026-45108   HIGH      8.4   Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow
CVE-2026-44681   MEDIUM    6.1   Authlib: Open Redirect in Authlib OIDC Implicit/Hybrid Authorization
CVE-2026-6713    MEDIUM    5.3   Incorrect Authorization in GitLab
CVE-2026-48152   HIGH      8.1   Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL
CVE-2026-45718   MEDIUM    5.4   Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows
CVE-2026-45081   MEDIUM    6.5   Frappe HR: Permission Bypass in HRMS Leave Details API
CVE-2026-44473   HIGH      7.1   Ella Core: UE Downlink Redirection via Forged PDUSessionResourceSetupResponse
CVE-2026-44330   CRITICAL  10.0  free5GC: NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions
CVE-2026-44838   HIGH      8.1   RabbitMQ MQTT Topic Permission Authorization Bypass
CVE-2026-42280   HIGH      7.1   auth0.js - Improper Permission Checking in Auth.js SDK
CVE-2026-9603    MEDIUM    6.5   SourceCodester eDoc Doctor Appointment System delete-session.php authorization