CWE-862: Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Total CVEs: 3,077
Critical: 231
High: 877
Avg CVSS: 6.3
In CISA KEV: 2

Yearly Trend

2026: 441
2025: 1,552
2024: 754
2023: 138
2022: 51

Top Affected Vendors

1. Google: 127
2. SAP: 37
3. Apple: 27
4. Jenkins: 23
5. GitLab: 19
6. XWiki: 12
7. Themeum: 12
8. Metagauss: 11
9. Wpdeveloper: 11
10. Q Free: 11

All Missing Authorization CVEs (3,077)

CVE-2023-1336
4.3

The RapidLoad Power-Up for Autoptimize WordPress plugin versions up to 1.7.1 contain a missing capability check in the ajax_deactivate function, allow...

Mar 10, 2023
CVE-2023-1338
4.3

The RapidLoad Power-Up for Autoptimize WordPress plugin versions up to 1.7.1 contain a missing capability check vulnerability in the attach_rule funct...

Mar 10, 2023
CVE-2025-66075
4.2

This vulnerability allows attackers to bypass authorization controls in the WP Cookie Notice plugin for WordPress, potentially accessing administrativ...

Nov 21, 2025
CVE-2025-58460
4.2

The Jenkins OpenTelemetry Plugin vulnerability allows attackers with Overall/Read permission to exfiltrate Jenkins credentials by connecting to attack...

Sep 3, 2025
CVE-2025-43331
4.0

This CVE describes a macOS code-signing downgrade vulnerability that could allow malicious applications to bypass security restrictions and access pro...

Sep 15, 2025
CVE-2025-53910
4.0

The Mattermost Confluence Plugin vulnerability allows attackers to create unauthorized channel subscriptions via API calls. This affects organizations...

Aug 11, 2025
CVE-2025-44001
4.0

The Mattermost Confluence Plugin before version 1.5.0 has an authorization bypass vulnerability where attackers can retrieve channel subscription deta...

Aug 11, 2025
CVE-2024-5318
4.0

This vulnerability allows Guest users in GitLab to view dependency lists of private projects through job artifacts, potentially exposing sensitive pro...

May 24, 2024
CVE-2026-25423
3.8

This CVE describes a Missing Authorization vulnerability in the Real 3D FlipBook WordPress plugin that allows attackers to bypass access controls. It ...

Feb 19, 2026
CVE-2025-69015
3.8

This CVE describes a Missing Authorization vulnerability in the Crowdsignal Forms WordPress plugin that allows attackers to bypass access controls. It...

Dec 30, 2025
CVE-2025-14457
3.7

This vulnerability allows unauthenticated attackers to delete arbitrary files uploaded through the Drag and Drop Multiple File Upload for Contact Form...

Jan 15, 2026
CVE-2025-9218
3.7

The rtMedia plugin for WordPress (also used with BuddyPress and bbPress) versions 4.7.0 to 4.7.3 has an information disclosure vulnerability when the ...

Dec 13, 2025
CVE-2025-10583
3.5

The WP Fastest Cache WordPress plugin contains a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated users with Subscriber-leve...

Dec 12, 2025
CVE-2025-15289
3.1

CVE-2025-15289 is an improper access controls vulnerability in Tanium Interact that could allow authenticated users to access data or perform actions ...

Feb 5, 2026
CVE-2026-1751
3.1

This vulnerability in GitLab CE/EE allows unauthorized users to edit merge request approval rules under specific conditions. It affects all GitLab ins...

Feb 2, 2026
CVE-2025-67737
3.1

AzuraCast versions 0.23.1 expose an internal API endpoint intended for SFTPgo software to the public HTTP API. An attacker with knowledge of a station...

Dec 12, 2025
CVE-2025-13643
3.1

A privilege escalation vulnerability in MongoDB Server allows users with limited privileges to terminate queries executed by other users, causing deni...

Nov 25, 2025
CVE-2025-12817
3.1

A missing authorization vulnerability in PostgreSQL's CREATE STATISTICS command allows table owners to create statistics objects in any schema, causin...

Nov 13, 2025
CVE-2026-25517
2.7

This CVE describes a missing authorization vulnerability in Wagtail CMS preview endpoints. Authenticated Wagtail admin users can craft form submission...

Feb 4, 2026
CVE-2025-54004
2.6

This vulnerability allows unauthorized users to access functionality intended only for authorized users in the WCFM – Frontend Manager for WooCommer...

Dec 16, 2025
CVE-2026-24095
N/A

This CVE describes an authorization bypass vulnerability in Checkmk monitoring software. Users with 'Use WATO' permission can access the 'Analyze conf...

Feb 9, 2026
CVE-2026-25752
N/A

An authorization bypass vulnerability in FUXA web-based SCADA/HMI software allows unauthenticated remote attackers to modify device tags via WebSocket...

Feb 6, 2026
CVE-2025-13348
N/A

An improper access control vulnerability in ASUS Secure Delete Driver allows local users to create arbitrary files in specified paths by sending speci...

Feb 2, 2026
CVE-2025-13472
N/A

The BlazeMeter Jenkins Plugin before version 4.27 had a missing authorization vulnerability that allowed any user to view sensitive resource lists in ...

Dec 3, 2025
CVE-2025-13828
N/A

This vulnerability allows any authenticated user, even with low privileges, to install arbitrary Composer packages on Mautic installations. This bypas...

Dec 2, 2025
CVE-2025-41016
N/A

An inadequate access control vulnerability in Davantis DFUSION v6.177.7 allows unauthorized actors to access security camera images and videos from al...

Nov 24, 2025
CVE-2025-41017
N/A

This vulnerability allows unauthorized actors to retrieve perspective parameters from security camera settings in Davantis DFUSION video management s...

Nov 24, 2025

About Missing Authorization (CWE-862)

Our database tracks 3,077 CVEs classified as CWE-862, with 231 rated critical and 877 rated high severity. The average CVSS score for Missing Authorization vulnerabilities is 6.3.
