CWE-289: Authentication Bypass by Alternate Name

Total CVEs: 16
Critical: 7
High: 6
Avg CVSS: 8.1

Yearly Trend (CVEs per year; years with no entries omitted)

2026: 3
2025: 9
2023: 3
2021: 1

Top Affected Vendors (CVE count)

1. Apache (1)
2. Nodejs (1)
3. Cisco (1)
4. Charm (1)
5. Goauthentik (1)
6. Dataease (1)
7. Chimpgroup (1)
8. Sustainsys (1)
9. Dataprobe (1)
10. Redline (1)

All CWE-289 CVEs (16), sorted by CVSS base score

CVE-2026-24058 | CVSS 9.8 | Jan 22, 2026
  Soft Serve versions 0.11.2 and below have a critical authentication bypass vulnerability that allows attackers to impersonate any user, including admi...

CVE-2025-13613 | CVSS 9.8 | Dec 10, 2025
  The Elated Membership WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as administrative us...

CVE-2024-56511 | CVSS 9.8 | Jan 10, 2025
  This vulnerability allows attackers to bypass authentication in DataEase by exploiting a path traversal flaw in the whitelist validation logic. When t...

CVE-2023-1803 | CVSS 9.8 | Apr 14, 2023
  CVE-2023-1803 is an authentication bypass vulnerability in DTS Electronics Redline Router firmware that allows attackers to access administrative func...

CVE-2021-34746 | CVSS 9.8 | Sep 2, 2021
  This critical authentication bypass vulnerability in Cisco NFVIS allows unauthenticated remote attackers to gain administrator access by injecting par...

CVE-2025-29266 | CVSS 9.6 | Mar 31, 2025
  This vulnerability allows remote attackers to gain root access to Unraid's web interface and console without authentication when specific conditions a...

CVE-2025-55130 | CVSS 9.1 | Jan 20, 2026
  A Node.js permissions model vulnerability allows attackers to bypass file system access restrictions using crafted relative symlink paths. This enable...

CVE-2025-64343 | CVSS 7.8 | Nov 7, 2025
  CVE-2025-64343 is a local privilege escalation vulnerability in Constructor (conda installer tool) where installation directories inherit overly permi...

CVE-2025-41248 | CVSS 7.5 | Sep 16, 2025
  This vulnerability in Spring Security's annotation detection mechanism can lead to authorization bypass when using @PreAuthorize and other method secu...

CVE-2024-11283 | CVSS 7.5 | Mar 14, 2025
  The WP JobHunt plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to access arbitrary candidate acc...

CVE-2023-41890 | CVSS 7.5 | Sep 19, 2023
  The Sustainsys.Saml2 library has an authentication bypass vulnerability where SAML responses aren't properly validated. Attackers can impersonate legi...

CVE-2023-3263 | CVSS 7.5 | Aug 14, 2023
  This authentication bypass vulnerability in Dataprobe iBoot PDU firmware allows attackers to obtain valid authorization tokens by exploiting special c...

CVE-2025-60375 | CVSS 7.3 | Oct 9, 2025
  This authentication bypass vulnerability in Perfex CRM allows attackers to gain unauthorized access by submitting empty username and password paramete...

CVE-2025-14777 | CVSS 6.0 | Dec 16, 2025
  This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Keycloak's admin API. Authenticated attackers with fine-grained admin p...

CVE-2026-23903 | CVSS 5.3 | Feb 9, 2026
  This CVE describes an authentication bypass vulnerability in Apache Shiro where attackers can access protected static files by changing the case of fi...

CVE-2025-64521 | CVSS 4.8 | Nov 19, 2025
  This vulnerability allows deactivated service accounts in authentik to still authenticate via OAuth client credentials, bypassing account status contr...

About CWE-289 (Authentication Bypass by Alternate Name)

CWE-289 covers products that authenticate or authorize based on the name of a resource or actor but do not check every name under which that resource or actor can be reached: the check recognizes one spelling (exact case, one encoding, one path form) while the component behind it accepts others. Our database tracks 16 CVEs classified as CWE-289, with 7 rated critical and 6 rated high severity. The average CVSS base score for CWE-289 vulnerabilities is 8.1.
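The shape of the weakness is easiest to see in a path-based access check. The following is an added example written for this page, not code from any vendor or project listed above: a constructed, hypothetical web-layer filter that compares the raw request path against a protected-prefix list, beside a hardened version that canonicalizes the path (percent-decoding, case, separators, dot segments) the same way a permissive backend would before deciding. The protected prefixes and the sample requests are made up; they reproduce the generic alternate-name patterns (case change, encoding, traversal into a whitelisted path) rather than any specific CVE's exploit.

```python
"""Toy access check illustrating CWE-289: a guard that matches one spelling
of a protected name while the backend serves every spelling.

Added example; PROTECTED_PREFIXES and SAMPLE_REQUESTS are constructed.
"""
import posixpath
from urllib.parse import unquote

# Hypothetical protected path prefixes for an imaginary application.
PROTECTED_PREFIXES = ("/admin/", "/api/internal/")


def naive_is_protected(path: str) -> bool:
    """Vulnerable guard: exact string comparison on the raw request path.
    Any alternate spelling of /admin/... falls through as 'public'."""
    return path.startswith(PROTECTED_PREFIXES)


def canonicalize(path: str) -> str:
    """Collapse the alternate spellings a permissive backend would treat as
    the same resource: bounded repeated percent-decoding, backslash separators,
    query/fragment, case, '.'/'..' segments and duplicate slashes."""
    p = path
    for _ in range(3):  # bounded, so double-encoding cannot loop forever
        decoded = unquote(p)
        if decoded == p:
            break
        p = decoded
    p = p.replace("\\", "/")
    p = p.split("?", 1)[0].split("#", 1)[0]
    p = p.lower()
    # normpath on an absolute path resolves '..' and cannot climb above '/'
    return posixpath.normpath("/" + p.lstrip("/"))


def hardened_is_protected(path: str) -> bool:
    """Hardened guard: decide on the canonical form, so every name the backend
    would resolve to a protected resource is recognized as protected."""
    p = canonicalize(path)
    for prefix in PROTECTED_PREFIXES:
        if p == prefix.rstrip("/") or p.startswith(prefix):
            return True
    return False


# Constructed sample requests, each an alternate name for /admin/config.
SAMPLE_REQUESTS = [
    "/admin/config",            # canonical spelling: both guards block it
    "/public/index.html",       # genuinely public: both guards allow it
    "/Admin/config",            # case variant
    "/%61dmin/config",          # percent-encoded 'a'
    "/%2561dmin/config",        # double-encoded 'a'
    "/public/../admin/config",  # dot-segment traversal into the prefix
    "//admin/config",           # duplicate leading slash
    "/admin\\config",           # backslash separator
]


def find_bypasses(paths):
    """Return requests the naive guard lets through even though the backend
    would resolve them to a protected resource (the CWE-289 mismatch)."""
    return [p for p in paths
            if not naive_is_protected(p) and hardened_is_protected(p)]


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{req!r:28} canonical={canonicalize(req)!r:16} "
              f"naive={naive_is_protected(req)!s:5} "
              f"hardened={hardened_is_protected(req)}")
    print("bypasses:", find_bypasses(SAMPLE_REQUESTS))
```

The hardened check is only correct when `canonicalize` mirrors what the backend actually does; if the backend is case-sensitive but decodes twice, or follows symlinks, the canonicalization has to match that, which is why the fix for this class is usually to make the guard and the resource resolver share one normalization routine rather than to add ad hoc rules to the guard.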

External reference: CWE-289 on MITRE CWE: https://cwe.mitre.org/data/definitions/289.html
