CWE-306: Missing Authentication
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
All Missing Authentication CVEs (675)
CVE-2022-29951 is an authentication bypass vulnerability in JTEKT TOYOPUC PLCs that allows attackers to execute engineering functions without credenti... (Jul 26, 2022)
This vulnerability allows unauthenticated remote attackers to send arbitrary messages to the MQTT service in SIMATIC eaSie Core Package systems. Attac... (Jul 12, 2022)
CVE-2022-26082 is a critical file write vulnerability in Open Automation Software OAS Platform's SecureTransferFiles functionality that allows remote ... (May 25, 2022)
CVE-2022-27332 is an authentication bypass vulnerability in Zammad v5.0.3 that allows unauthenticated attackers to write entries to the CTI caller log... (Apr 27, 2022)
This vulnerability allows any user to access and modify web management pages on GARO Wallbox charging stations due to missing access controls. Attacke... (Mar 21, 2022)
This vulnerability allows unauthenticated remote attackers to modify files on ICL ScadaFlex II SCADA controllers. Attackers can overwrite, delete, or ... (Feb 26, 2022)
This vulnerability in Schneider Electric's Interactive Graphical SCADA System Data Collector allows unauthenticated attackers to delete arbitrary file... (Feb 11, 2022)
CVE-2021-22823 is an authentication bypass vulnerability in Schneider Electric's Interactive Graphical SCADA System Data Collector (dc.exe) that allow... (Feb 11, 2022)
This vulnerability allows any client to make unauthorized container-related DataNode requests to Apache Ozone, bypassing authentication mechanisms. It... (Nov 19, 2021)
CVE-2021-32700 is a supply chain vulnerability in Ballerina programming language where HTTP connections didn't use TLS and certificate checking was ig... (Jun 22, 2021)
CVE-2020-36333 is an authentication bypass vulnerability in the themegrill-demo-importer WordPress plugin that allows unauthenticated attackers to wip... (May 5, 2021)
CVE-2020-28899 is an authentication bypass vulnerability in ZyXEL LTE4506-M606 routers that allows remote attackers to execute administrative function... (Mar 16, 2021)
This vulnerability allows unauthenticated attackers to invoke sensitive RMI methods in SquareBox CatDV Server, which can be used to generate valid aut... (Mar 5, 2021)
CVE-2020-27285 is an authentication bypass vulnerability in Crimson 3.1 software that allows unauthenticated users to read and modify the database. Th... (Jan 6, 2021)
This vulnerability in URVE software allows unauthenticated attackers to access sensitive internal files and execute system commands, including shutdow... (Dec 23, 2020)
This vulnerability allows unauthenticated attackers to change device settings on affected WAGO programmable logic controllers by sending specially cra... (Sep 30, 2020)
CVE-2020-6294 is an authentication bypass vulnerability in SAP Business Objects Business Intelligence Platform's Xvfb component on Unix systems. Attac... (Aug 12, 2020)
This vulnerability allows remote attackers to intercept and answer video calls intended for other temi robot users, granting them unauthorized motor c... (Aug 7, 2020)
CVE-2020-13382 is an incorrect access control vulnerability in openSIS student information systems that allows unauthenticated attackers to bypass aut... (Jul 1, 2020)
This vulnerability in Eclipse Che che-machine-exec allows unauthenticated attackers to execute arbitrary commands and steal secrets (SSH keys, tokens)... (Jan 13, 2026)
This vulnerability allows remote attackers to execute arbitrary code on Microsoft HPC Pack systems without authentication. It affects organizations us... (Feb 11, 2025)
This vulnerability allows attackers to perform man-in-the-middle attacks to push arbitrary firmware updates to Wavlink AC3000 routers. Attackers can c... (Jan 14, 2025)
This vulnerability allows remote attackers to execute arbitrary code on Casa Systems NTC-221 industrial IoT routers by sending a crafted payload to th... (Oct 22, 2024)
Jupyter Server Proxy versions before 3.2.3 and 4.1.1 fail to properly authenticate websocket connections, allowing unauthenticated network access to p... (Mar 20, 2024)
CVE-2023-27267 is an authentication bypass and input validation vulnerability in SAP Diagnostics Agent version 720 that allows remote attackers to exe... (Apr 11, 2023)
This vulnerability allows network-adjacent attackers to execute arbitrary code on Enel X JuiceBox 40 electric vehicle charging stations without authen... (Jan 23, 2026)
This vulnerability allows attackers on the same local network to bypass authentication by sending specially crafted URLs, gaining unauthorized access ... (Dec 19, 2025)
An unauthenticated attacker within Bluetooth range can perform unauthorized firmware upgrades on Meatmeet devices via BLE, leading to complete device ... (Dec 10, 2025)
This vulnerability allows an attacker within Bluetooth Low Energy (BLE) range to read and write device control commands without authentication due to ... (Dec 10, 2025)
The TP-Link KP303 Smartplug has an authentication bypass vulnerability that allows unauthenticated attackers to send protocol commands. This can cause... (Aug 25, 2025)
This vulnerability in the Airoha Bluetooth audio SDK allows unauthorized access to the RACE protocol, enabling remote attackers to escalate privileges... (Aug 4, 2025)
This vulnerability in Airoha's Bluetooth audio SDK allows attackers to bypass permissions and access critical RACE protocol data via Bluetooth LE GATT... (Aug 4, 2025)
This CVE describes an authenticated remote code execution vulnerability in GetSimpleCMS 3.2.1 where authenticated users can upload malicious PHP files... (Jul 25, 2025)
This vulnerability allows authenticated attackers to execute arbitrary operating system commands with root privileges on TOTOLINK N300RB routers. Atta... (Jul 11, 2025)
This vulnerability allows an unauthenticated attacker on the same network to modify system configuration through a specific API endpoint, granting the... (Jul 8, 2025)
This vulnerability in Oracle JD Edwards EnterpriseOne Tools allows authenticated attackers with low privileges to completely compromise the system via... (Jan 21, 2025)
This vulnerability in Veeam Backup & Replication allows low-privileged users with specific roles to modify critical configuration settings, including ... (Dec 4, 2024)
This vulnerability in Veeam Backup & Replication allows authenticated low-privileged users to achieve remote code execution by modifying backup jobs t... (Dec 4, 2024)
This vulnerability allows unauthenticated attackers to perform critical administrative functions in the Banner System WordPress plugin, leading to pri... (Nov 20, 2024)
CVE-2024-41969 is a missing authentication vulnerability in CODESYS V3 service that allows low-privileged remote attackers to modify system configurat... (Nov 18, 2024)
The goTenna Pro App vulnerability allows unauthenticated attackers to remotely replace the public keys used for peer-to-peer and group message encrypt... (Sep 26, 2024)
CVE-2024-45075 is an authentication bypass vulnerability in IBM webMethods Integration 10.15 that allows authenticated users to create scheduler tasks... (Sep 4, 2024)
This vulnerability allows network-adjacent attackers to bypass authentication on D-Link G416 routers and execute critical functions without credential... (May 3, 2024)
This vulnerability allows attackers on the same network to execute arbitrary code as root on D-Link DAP-1325 routers without authentication. The flaw ... (May 3, 2024)
This vulnerability allows remote attackers to bypass authentication in Inductive Automation Ignition OPC UA Quick Client by exploiting missing authent... (May 3, 2024)
This vulnerability in CCX device firmware allows unauthorized actors to access restricted resources due to improper access controls. It affects device... (Apr 9, 2024)
This vulnerability allows attackers to bypass authentication in PingFederate OAuth2 clients using client_secret_jwt authentication. Attackers can send... (Feb 6, 2024)
This vulnerability allows attackers to intercept or manipulate MQTT communications between Android Client applications and AppHub servers due to missi... (Oct 25, 2023)
This vulnerability in Oracle Hospitality OPERA 5 Property Services allows authenticated attackers with low privileges to completely compromise the sys... (Oct 17, 2023)
This vulnerability allows an authenticated attacker to elevate privileges on Windows systems with Mobile Device Management (MDM) components. Attackers... (Aug 8, 2023)
About Missing Authentication (CWE-306)
Our database tracks 675 CVEs classified as CWE-306, with 325 rated critical and 243 rated high severity. The average CVSS score for Missing Authentication vulnerabilities is 8.5.
External reference: CWE-306 on MITRE CWE