CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 90 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-0201 | Med | 0.39 | 5.9 | 0.10 | May 23, 2019 | An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string.… | ||
| CVE-2017-7677 | Med | 0.39 | 5.9 | 0.03 | Jun 14, 2017 | In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table. | ||
| CVE-2026-52812 | hig | 0.38 | — | 0.00 | Jun 23, 2026 | Summary Git LFS storage is content-addressed by OID alone (`/<oid[0]>/<oid[1]>/`) but per-repo authorization lives in the `lfs_object` table keyed `(repo_id, oid)`. `serveUpload` skips re-uploading when the OID file already exists on disk and inserts a new… | ||
| CVE-2026-52799 | hig | 0.38 | — | 0.00 | Jun 22, 2026 | ## Summary In Gogs 0.14.1, `GET /attachments/:uuid` returns the raw attachment file **without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository**. In a test environment with `REQUIRE_SIGNIN_VIEW = false`, we confirmed… | ||
| CVE-2026-54695 | hig | 0.38 | — | — | Jun 18, 2026 | ## Development Runner Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID ### Summary The pipecat development runner registers a `/ws` WebSocket endpoint for telephony testing that accepts connections without any authentication. An… | ||
| CVE-2026-54005 | hig | 0.38 | — | — | Jun 18, 2026 | ### TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access pages (`pages.access` permission is disabled). This can be due to configuration in the user blueprint(s), `options` in the model blueprint(s), or a combination of… | ||
| CVE-2026-54010 | hig | 0.38 | — | 0.00 | Jun 17, 2026 | ## Summary Open WebUI `v0.9.5` lets an authenticated user attach arbitrary `file_id` values to their own chat message without checking whether they own or can read those files. If the attacker then shares that chat and grants themselves read access, `has_access_to_file()`… | ||
| CVE-2026-54322 | hig | 0.38 | — | 0.00 | Jun 16, 2026 | ### Summary Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the target role by its identifier alone, without verifying the role belonged to that organization. An… | ||
| CVE-2026-52714 | Med | 0.38 | 5.9 | 0.00 | Jun 16, 2026 | Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions. | ||
| CVE-2026-50026 | Med | 0.38 | — | 0.00 | Jun 12, 2026 | Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0. | ||
| CVE-2026-47412 | hig | 0.38 | — | 0.00 | Jun 1, 2026 | ## Summary **Type:** Authorization bypass enabling destructive action. The `DELETE /workspaces/{workspace_id}` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`). Any member of the workspace can issue a single DELETE to wipe the… | ||
| CVE-2026-47409 | hig | 0.38 | — | 0.00 | May 29, 2026 | ## Summary **Type:** Authorization bypass enabling owner lockout. The `DELETE /workspaces/{workspace_id}/members/{user_id}` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`). Any member can remove any other member, including the… | ||
| CVE-2026-47405 | hig | 0.38 | — | 0.00 | May 29, 2026 | ### Summary PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate their own role to `owner`. The issue is caused by privileged workspace-management routes using the shared dependency… | ||
| CVE-2026-48169 | hig | 0.38 | — | 0.00 | May 29, 2026 | ### Summary The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs global primary-key lookups without checking workspace ownership, so any authenticated user can read, modify, and… | ||
| CVE-2026-47394 | hig | 0.38 | — | 0.00 | May 29, 2026 | ## Summary The fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in `mcp_server/adapters/cli_tools.py`: > "registers four file-handling tools by default, `praisonai.rules.create`,… | ||
| CVE-2026-0246 | Med | 0.38 | — | 0.00 | May 13, 2026 | A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to… | ||
| CVE-2026-27344 | Med | 0.38 | 5.9 | 0.00 | Mar 5, 2026 | Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects inseri core: from n/a through <= 1.0.5. | ||
| CVE-2025-67970 | Med | 0.38 | 5.9 | 0.00 | Feb 20, 2026 | Missing Authorization vulnerability in vertim Schedula schedula-smart-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schedula: from n/a through <= 1.0. | ||
| CVE-2026-0829 | Med | 0.38 | 5.8 | 0.01 | Feb 17, 2026 | The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess… | ||
| CVE-2025-13391 | Med | 0.38 | 5.8 | 0.00 | Feb 11, 2026 | The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'uni_cpo_remove_file' function in all versions up to, and including, 4.9.60. This… |
- risk 0.39cvss 5.9epss 0.10
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string.…
- risk 0.39cvss 5.9epss 0.03
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.
- risk 0.38cvss —epss 0.00
Summary Git LFS storage is content-addressed by OID alone (`/<oid[0]>/<oid[1]>/`) but per-repo authorization lives in the `lfs_object` table keyed `(repo_id, oid)`. `serveUpload` skips re-uploading when the OID file already exists on disk and inserts a new…
- risk 0.38cvss —epss 0.00
## Summary In Gogs 0.14.1, `GET /attachments/:uuid` returns the raw attachment file **without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository**. In a test environment with `REQUIRE_SIGNIN_VIEW = false`, we confirmed…
- risk 0.38cvss —epss —
## Development Runner Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID ### Summary The pipecat development runner registers a `/ws` WebSocket endpoint for telephony testing that accepts connections without any authentication. An…
- risk 0.38cvss —epss —
### TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access pages (`pages.access` permission is disabled). This can be due to configuration in the user blueprint(s), `options` in the model blueprint(s), or a combination of…
- risk 0.38cvss —epss 0.00
## Summary Open WebUI `v0.9.5` lets an authenticated user attach arbitrary `file_id` values to their own chat message without checking whether they own or can read those files. If the attacker then shares that chat and grants themselves read access, `has_access_to_file()`…
- risk 0.38cvss —epss 0.00
### Summary Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the target role by its identifier alone, without verifying the role belonged to that organization. An…
- risk 0.38cvss 5.9epss 0.00
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
- risk 0.38cvss —epss 0.00
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0.
- risk 0.38cvss —epss 0.00
## Summary **Type:** Authorization bypass enabling destructive action. The `DELETE /workspaces/{workspace_id}` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`). Any member of the workspace can issue a single DELETE to wipe the…
- risk 0.38cvss —epss 0.00
## Summary **Type:** Authorization bypass enabling owner lockout. The `DELETE /workspaces/{workspace_id}/members/{user_id}` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`). Any member can remove any other member, including the…
- risk 0.38cvss —epss 0.00
### Summary PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate their own role to `owner`. The issue is caused by privileged workspace-management routes using the shared dependency…
- risk 0.38cvss —epss 0.00
### Summary The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs global primary-key lookups without checking workspace ownership, so any authenticated user can read, modify, and…
- risk 0.38cvss —epss 0.00
## Summary The fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in `mcp_server/adapters/cli_tools.py`: > "registers four file-handling tools by default, `praisonai.rules.create`,…
- risk 0.38cvss —epss 0.00
A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to…
- risk 0.38cvss 5.9epss 0.00
Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects inseri core: from n/a through <= 1.0.5.
- risk 0.38cvss 5.9epss 0.00
Missing Authorization vulnerability in vertim Schedula schedula-smart-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schedula: from n/a through <= 1.0.
- risk 0.38cvss 5.8epss 0.01
The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess…
- risk 0.38cvss 5.8epss 0.00
The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'uni_cpo_remove_file' function in all versions up to, and including, 4.9.60. This…