Skip to main content

CWE-303

Incorrect Implementation of Authentication Algorithm

66 CVEs Avg CVSS 7.7 MITRE
18
CRITICAL
26
HIGH
21
MEDIUM
1
LOW
12
POC
1
KEV

Monthly

CVE-2026-47300 HIGH PATCH Exploit Unlikely This Week

Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged network attacker gain higher privileges by abusing a flawed authentication algorithm implementation (CWE-303). Microsoft reported the flaw and has released a patch; there is no public exploit identified at time of analysis and it is not on the CISA KEV. The 8.8 CVSS reflects high confidentiality, integrity, and availability impact reachable over the network with only low prior privileges.

Information Disclosure Net 10 0 Net 8 0 Net 9 0 Microsoft Visual Studio 2022 Version 17 12 +2
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-50360 HIGH PATCH This Week

Privilege escalation in Microsoft Windows SMB Server allows an already-authenticated network attacker to elevate to higher privileges by abusing a flawed authentication algorithm, yielding high confidentiality, integrity, and availability impact. The flaw affects Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2022/2025 including Server Core. Reported by Microsoft with a patch available; no public exploit identified at time of analysis.

Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +5
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-41053 Go HIGH PATCH GHSA This Week

Privilege escalation in Rancher 2.13 (before 2.13.6) and 2.14 (before 2.14.2) lets any authenticated user gain principal access they should not hold, because the GitHub authentication provider incorrectly caches the result of team membership expansion. The flaw (CWE-303, CVSS 8.8) means a low-privileged GitHub-authenticated user can be granted access tied to other principals/teams, effectively bypassing intended authorization. No public exploit identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure Rancher
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-41049 HIGH PATCH This Week

Local privilege escalation in qSnapper D-Bus service before version 1.3.3 allows any unprivileged local user to invoke privileged D-Bus methods after an administrator has previously authenticated for an unrelated Polkit action. The flaw stems from authentication state being implicitly carried over across different Polkit actions and users rather than being scoped per-action-per-caller, enabling unauthorized snapshot management on systems where the service is installed. No public exploit identified at time of analysis, though SUSE published a coordinated disclosure advisory alongside the upstream fix.

Information Disclosure Qsnapper
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-41048 HIGH PATCH This Week

Authentication bypass in qSnapper's privileged D-Bus service (versions before 1.3.3) allows any local unprivileged user to invoke administrative snapshot operations by piggy-backing on another client's prior Polkit authentication. The service stored authentication state in a single shared m_authenticated flag rather than per-client, so once any caller passed an admin check, all subsequent D-Bus callers inherited that state. No public exploit identified at time of analysis; the issue was found during a SUSE-coordinated security review and patched in v1.3.3.

Apache SSRF Kubernetes Qsnapper
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-8922 Maven MEDIUM This Month

Token revocation bypass in Red Hat Keycloak's OIDC Introspection endpoint allows low-privileged authenticated users to continue using tokens that should have been invalidated by realm-level notBefore revocation policies. When both realm-level and client-level notBefore policies are simultaneously active, the introspection endpoint incorrectly evaluates only the client-level policy, silently ignoring the realm-wide revocation. This means an administrator's deliberate, broad-scope revocation action - typically used in incident response or forced re-authentication scenarios - is rendered ineffective for any clients that also carry a client-level notBefore setting. No public exploit has been identified at time of analysis, and the issue is not listed in the CISA KEV catalog.

Authentication Bypass Red Hat Build Of Keycloak
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-41103 CRITICAL PATCH NEWS Exploit Likely Act Now

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft Atlassian
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-43640 HIGH POC PATCH This Week

Authentication bypass in Bitwarden Server versions prior to 2026.4.1 allows authenticated users with SCIM management privileges to retrieve or rotate organization SCIM API keys without master password re-authentication. An attacker with valid session credentials and SCIM management rights can obtain sensitive API keys that enable user provisioning control, potentially leading to unauthorized account creation, modification, or deletion within the organization. Public exploit code exists, and vendor patch v2026.4.1 addresses the issue via GitHub PR #7403.

Information Disclosure Server
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2026-0073 HIGH POC This Week

Authentication bypass in Android Debug Bridge (ADB) wireless mutual authentication allows adjacent network attackers to execute arbitrary code as the shell user without authentication. The flaw affects Android 14, 15, and 16 series, residing in the TLS certificate verification logic of adbd_tls_verify_cert. EPSS data not available, but CISA SSVC framework indicates no current exploitation evidence and non-automatable attack requiring network adjacency. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability when the wireless debugging feature is enabled.

RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-27656 Go MEDIUM PATCH This Month

Mattermost fails to properly validate user identity in OpenID Connect authentication logic due to an overly permissive substring matching flaw in the IsSameUser() comparison function, allowing attackers with high privileges to take over arbitrary user accounts through the user discovery flow. This affects Mattermost versions 10.11.0-10.11.11, 11.2.0-11.2.3, 11.3.0-11.3.1, and 11.4.0. While the CVSS score of 5.7 is moderate and requires high privilege access and user interaction, the core impact is account takeover with full account compromise possible.

Information Disclosure Mattermost
NVD VulDB
CVSS 3.1
5.7
EPSS
0.0%
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged network attacker gain higher privileges by abusing a flawed authentication algorithm implementation (CWE-303). Microsoft reported the flaw and has released a patch; there is no public exploit identified at time of analysis and it is not on the CISA KEV. The 8.8 CVSS reflects high confidentiality, integrity, and availability impact reachable over the network with only low prior privileges.

Information Disclosure Net 10 0 Net 8 0 +4
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Microsoft Windows SMB Server allows an already-authenticated network attacker to elevate to higher privileges by abusing a flawed authentication algorithm, yielding high confidentiality, integrity, and availability impact. The flaw affects Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2022/2025 including Server Core. Reported by Microsoft with a patch available; no public exploit identified at time of analysis.

Microsoft Information Disclosure Windows 10 Version 21H2 +7
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Rancher 2.13 (before 2.13.6) and 2.14 (before 2.14.2) lets any authenticated user gain principal access they should not hold, because the GitHub authentication provider incorrectly caches the result of team membership expansion. The flaw (CWE-303, CVSS 8.8) means a low-privileged GitHub-authenticated user can be granted access tied to other principals/teams, effectively bypassing intended authorization. No public exploit identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure Rancher
NVD GitHub
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation in qSnapper D-Bus service before version 1.3.3 allows any unprivileged local user to invoke privileged D-Bus methods after an administrator has previously authenticated for an unrelated Polkit action. The flaw stems from authentication state being implicitly carried over across different Polkit actions and users rather than being scoped per-action-per-caller, enabling unauthorized snapshot management on systems where the service is installed. No public exploit identified at time of analysis, though SUSE published a coordinated disclosure advisory alongside the upstream fix.

Information Disclosure Qsnapper
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Authentication bypass in qSnapper's privileged D-Bus service (versions before 1.3.3) allows any local unprivileged user to invoke administrative snapshot operations by piggy-backing on another client's prior Polkit authentication. The service stored authentication state in a single shared m_authenticated flag rather than per-client, so once any caller passed an admin check, all subsequent D-Bus callers inherited that state. No public exploit identified at time of analysis; the issue was found during a SUSE-coordinated security review and patched in v1.3.3.

Apache SSRF Kubernetes +1
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Token revocation bypass in Red Hat Keycloak's OIDC Introspection endpoint allows low-privileged authenticated users to continue using tokens that should have been invalidated by realm-level notBefore revocation policies. When both realm-level and client-level notBefore policies are simultaneously active, the introspection endpoint incorrectly evaluates only the client-level policy, silently ignoring the realm-wide revocation. This means an administrator's deliberate, broad-scope revocation action - typically used in incident response or forced re-authentication scenarios - is rendered ineffective for any clients that also carry a client-level notBefore setting. No public exploit has been identified at time of analysis, and the issue is not listed in the CISA KEV catalog.

Authentication Bypass Red Hat Build Of Keycloak
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Exploit Likely Act Now

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft Atlassian
NVD VulDB
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Authentication bypass in Bitwarden Server versions prior to 2026.4.1 allows authenticated users with SCIM management privileges to retrieve or rotate organization SCIM API keys without master password re-authentication. An attacker with valid session credentials and SCIM management rights can obtain sensitive API keys that enable user provisioning control, potentially leading to unauthorized account creation, modification, or deletion within the organization. Public exploit code exists, and vendor patch v2026.4.1 addresses the issue via GitHub PR #7403.

Information Disclosure Server
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Authentication bypass in Android Debug Bridge (ADB) wireless mutual authentication allows adjacent network attackers to execute arbitrary code as the shell user without authentication. The flaw affects Android 14, 15, and 16 series, residing in the TLS certificate verification logic of adbd_tls_verify_cert. EPSS data not available, but CISA SSVC framework indicates no current exploitation evidence and non-automatable attack requiring network adjacency. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability when the wireless debugging feature is enabled.

RCE
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Mattermost fails to properly validate user identity in OpenID Connect authentication logic due to an overly permissive substring matching flaw in the IsSameUser() comparison function, allowing attackers with high privileges to take over arbitrary user accounts through the user discovery flow. This affects Mattermost versions 10.11.0-10.11.11, 11.2.0-11.2.3, 11.3.0-11.3.1, and 11.4.0. While the CVSS score of 5.7 is moderate and requires high privilege access and user interaction, the core impact is account takeover with full account compromise possible.

Information Disclosure Mattermost
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy