CWE-306
Missing Authentication for Critical Function
Description
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-12 · CAPEC-166 · CAPEC-216 · CAPEC-36 · CAPEC-62
CVEs mapped to this weakness (964)
Page 23 of 49

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40289 | | Critical | 0.52 | 9.1 | 0.00 | | Apr 14, 2026 | PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on… |
| CVE-2026-34952 | | Critical | 0.52 | 9.1 | 0.00 | | Apr 3, 2026 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages… |
| CVE-2026-34758 | | Critical | 0.52 | 9.1 | 0.00 | | Apr 2, 2026 | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. This issue has been patched in version… |
| CVE-2026-27509 | | High | 0.52 | 8.0 | 0.00 | | Feb 26, 2026 | Unitree Go2 firmware versions V1.1.7 through V1.1.9, and V1.1.11 (EDU) do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programming_actuator/request handled by actuator_manager.py. A network-adjacent, unauthenticated attacker can join… |
| CVE-2024-48920 | — | Critical | 0.52 | 9.1 | 0.00 | | Oct 17, 2024 | PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system… |
| CVE-2026-9045 | | High | 0.51 | 7.8 | 0.00 | | Jun 10, 2026 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges. |
| CVE-2026-50512 | | High | 0.51 | 7.8 | 0.00 | | Jun 9, 2026 | Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. |
| CVE-2026-26160 | | High | 0.51 | 7.8 | 0.00 | | Apr 14, 2026 | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. |
| CVE-2026-26159 | | High | 0.51 | 7.8 | 0.00 | | Apr 14, 2026 | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. |
| CVE-2026-33788 | | High | 0.51 | 7.8 | 0.00 | | Apr 9, 2026 | A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series allows a local, authenticated attacker with low privileges to gain direct access to FPCs installed in the device. A local… |
| CVE-2026-24062 | | High | 0.51 | 7.8 | 0.00 | | Mar 18, 2026 | The "Privileged Helper" component of the Arturia Software Center (MacOS) does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged actions leading to local privilege… |
| CVE-2025-10672 | | High | 0.51 | 7.8 | 0.00 | | Sep 18, 2025 | A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown function of the file AIBatteryHelper/XPC/BatteryXPCService.swift of the component com.collweb.AIBatteryHelper. The manipulation results in missing authentication. The attack requires… |
| CVE-2025-9815 | | High | 0.51 | 7.8 | 0.00 | | Sep 2, 2025 | A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener. This manipulation causes missing authentication. It is possible to launch the… |
| CVE-2025-41686 | — | High | 0.51 | 7.8 | 0.00 | | Aug 12, 2025 | A low-privileged local attacker can exploit improper permissions on nssm.exe to escalate their privileges and gain administrative access. |
| CVE-2024-9062 | — | High | 0.51 | 7.8 | 0.00 | | Jun 11, 2025 | The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged… |
| CVE-2021-26280 | — | High | 0.51 | 7.9 | 0.00 | | Dec 17, 2024 | Locally installed application can bypass the permission check and perform system operations that require permission. |
| CVE-2018-5486 | | High | 0.51 | 7.8 | 0.00 | | Apr 25, 2018 | NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled, which allows unauthorized local attackers to execute arbitrary code. |
| CVE-2015-9030 | | High | 0.51 | 7.8 | 0.01 | | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication. |
| CVE-2008-6827 | | High | 0.51 | 7.8 | 0.01 | | Jun 8, 2009 | The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite… |
| CVE-2026-50287 | | High | 0.50 | — | 0.00 | | Jun 12, 2026 | AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCP_HTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A… |