
CWE-863

Incorrect Authorization

966 CVEs, average CVSS 6.2 (source: MITRE). Severity breakdown: 74 critical, 292 high, 492 medium, 102 low. 91 have a public PoC; 5 are listed in CISA KEV.

CVE-2026-27780 PATCH This Week

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks.

Tags: Authentication Bypass, Gitea, Gitea Open Source Git Server | Sources: NVD, GitHub | EPSS 0.2%
CVE-2026-27775 PATCH This Week

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access.

Tags: Authentication Bypass, Gitea, Gitea Open Source Git Server | Sources: NVD, GitHub | EPSS 0.2%
CVE-2026-27761 MEDIUM PATCH This Month

Gitea's repository RSS and Atom feed endpoints fail to enforce API token scope checks, exposing private repository commit metadata to any holder of a valid but under-privileged API token. Versions up to and including 1.26.2 are affected; the flaw is classified as CWE-863 (Incorrect Authorization) with a CVSS score of 4.3. No public exploit code or CISA KEV listing exists at time of analysis; vendor-released patches are available in v1.26.3 and v1.26.4.

Tags: Authentication Bypass, Gitea, Gitea Open Source Git Server | Sources: NVD, GitHub | CVSS 3.1: 4.3 | EPSS 0.4%
CVE-2026-46730 MEDIUM PATCH This Month

Incorrect authorization in Dell PowerProtect Data Domain permits a high-privileged local attacker to execute commands outside their authorized scope across a broad span of affected versions covering the main release line and all three active LTS branches. The root cause (CWE-863) indicates the appliance's Data Domain OS fails to enforce authorization boundaries correctly for certain operations accessible to already-elevated users, enabling privilege escalation within an authenticated administrative session. No public exploit code or active exploitation is confirmed at time of analysis; the CVSS 4.2 Medium score accurately reflects the significant access prerequisites - local presence plus high-level credentials - required to trigger the flaw.

Tags: Authentication Bypass, Dell | Sources: NVD, VulDB | CVSS 3.1: 4.2 | EPSS 0.1%
CVE-2026-54998 HIGH PATCH NO ACTION HOSTED Monitor

Privilege escalation in Microsoft Exchange Online allows an already-authenticated attacker to elevate their permissions over the network by exploiting an incorrect authorization check (CWE-863). Because Exchange Online is a cloud-hosted, multi-tenant service, a low-privileged authenticated user could gain elevated access to confidential data, tamper with mail/configuration, and disrupt availability. No public exploit has been identified at time of analysis, and the EPSS/exploit-maturity signal (E:U) indicates exploit code is currently unproven.

Tags: Authentication Bypass, Microsoft, Microsoft Exchange Online | Sources: NVD, VulDB | CVSS 3.1: 8.8 | EPSS 0.6%
CVE-2026-56842 HIGH PATCH This Week

Privilege persistence in Ubiquiti's UniFi Network Application allows a low-privileged network-adjacent actor to retain granted privileges within the controller even after those privileges are supposed to have been revoked, due to an Incorrect Authorization (CWE-863) flaw. The CVSS 3.1 base score is 7.5 (AV:N/AC:H/PR:L/UI:N) with high confidentiality, integrity, and availability impact, meaning an actor whose access was removed can continue to act with the old authorization. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV; exploitation requires prior authenticated access plus specific unstated conditions (AC:H).

Tags: Authentication Bypass, Ubiquiti, Unifi Network Application | Sources: NVD | CVSS 3.1: 7.5 | EPSS 0.2%
CVE-2026-8079 HIGH This Week

Privilege escalation via incorrect authorization in Progress Flowmon lets an authenticated low-privileged user abuse the PDF generation workflow to have operations executed under another user's identity, exposing sensitive data and permitting unauthorized configuration changes. It affects all Flowmon releases before 12.5.9 (12.x branch) and before 13.0.10 (13.x branch). No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV; the vendor CVSS 4.0 score is 8.7 (High).

Tags: Authentication Bypass, Information Disclosure, Flowmon | Sources: NVD, VulDB | CVSS 4.0: 8.7 | EPSS 0.2%
CVE-2026-14340 MEDIUM This Month

Incorrect authorization in GitHub Enterprise Server allows an attacker who has obtained a victim's user-to-server token - issued by a GitHub App installation - to perform write operations on any public repository, regardless of whether that installation was explicitly granted access to the target repository. Affected installations span all GHES versions prior to 3.22, with fixes backported to six supported release trains. The CVSS 4.0 score is 5.3 (medium); no public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog at time of analysis.

Tags: Authentication Bypass, Enterprise Server | Sources: NVD, GitHub | CVSS 4.0: 5.3 | EPSS 0.3%
CVE-2026-44935 Go CRITICAL PATCH GHSA Act Now

Cross-tenant authorization bypass in Rancher Fleet allows a low-privileged tenant in a multi-tenant environment to read any ConfigMap or Secret across all namespaces of a shared downstream cluster and to deploy cluster-wide resources without being bound to a restricted service account. The flaw (CWE-863, CVSS 9.9) is exploitable by authenticated tenants who abuse valuesFrom in fleet.yaml (via GitRepo) or HelmOp/Bundle resources; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Tags: Authentication Bypass | Sources: NVD, GitHub, VulDB | CVSS 3.1: 9.9 | EPSS 0.6%
CVE-2026-49989 Maven LOW POC PATCH GHSA Monitor

{table}/{digest}`) allows any authenticated user to read, write, or delete blobs across all blob tables, entirely circumventing the GRANT-based access control that the SQL path correctly enforces. Verified against CrateDB 6.2.7 and present since the blob HTTP handler was introduced, `io.crate.protocols.http.HttpBlobHandler` authenticates the connecting user but never invokes `AccessControl`, making blob operations permissible to any valid credential holder regardless of table-level privileges. A complete end-to-end Docker PoC is included in the report demonstrating both unauthorized read (HTTP 200) and unauthorized delete (HTTP 204) while the SQL path correctly returns a permission error for the same user; no KEV listing and no EPSS data are available at time of analysis.

Tags: Authentication Bypass, Java, Docker, Oracle | Sources: NVD, GitHub | EPSS 0%