CWE-287 · Improper Authentication

4378 CVEs classified under CWE-287 (Improper Authentication).

Top CVEs for CWE-287
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-49869 | Critical | 10.0 | 2026-06-26 | Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath().endsWith("… |
| CVE-2026-45480 | Critical | 10.0 | 2026-06-19 | Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-46389 | Critical | 10.0 | 2026-06-05 | UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. In versions 0… |
| CVE-2026-10611 | Critical | 10.0 | 2026-06-02 | An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.m… |
| CVE-2026-46840 | Critical | 10.0 | 2026-05-28 | Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulne… |
| CVE-2026-47280 | Critical | 10.0 | 2026-05-22 | Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-42822 | Critical | 10.0 | 2026-05-18 | Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-20182 | Critical | 10.0 | 2026-05-14 | May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in Februar… |
| CVE-2026-42869 | Critical | 10.0 | 2026-05-11 | SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded… |
| CVE-2026-41070 | Critical | 10.0 | 2026-05-08 | openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on (SSO) auth flows. From version 1.26.3 to… |
| CVE-2026-41679 | Critical | 10.0 | 2026-04-23 | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker ca… |
| CVE-2026-30836 | Critical | 10.0 | 2026-03-19 | Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unau… |
| CVE-2026-24898 | Critical | 10.0 | 2026-03-03 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vu… |
| CVE-2026-20127 | Critical | 10.0 | 2026-02-25 | A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vMana… |
| CVE-2025-70841 | Critical | 10.0 | 2026-02-03 | Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct… |
| CVE-2025-44005 | Critical | 10.0 | 2025-12-17 | An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorizati… |
| CVE-2025-63224 | Critical | 10.0 | 2025-11-19 | The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JW… |
| CVE-2025-63216 | Critical | 10.0 | 2025-11-18 | The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid J… |
| CVE-2025-55241 | Critical | 10.0 | 2025-09-04 | Azure Entra ID Elevation of Privilege Vulnerability |
| CVE-2025-54419 | Critical | 10.0 | 2025-07-28 | A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response documen… |