CWE • Class • Draft • 20 recent CVEs
CWE-287: Improper Authentication
Description
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Common consequences
- Integrity, Confidentiality, Availability, Access Control → Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even allowing them to execute arbitrary code.
Potential mitigations
- Architecture and Design: Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
Related CWEs
Recent CVEs classified under this CWE
- CVE-2026-50751, 9.3, 2026-06-08
- CVE-2026-34123, 2026-06-06
- CVE-2026-46389, 10.0, 2026-06-05
- CVE-2026-11345, 2026-06-05
- CVE-2026-6274, 9.8, 2026-06-05
- CVE-2023-5502, 5.9, 2026-06-04
- CVE-2026-49203, 8.3, 2026-06-04
- CVE-2026-49202, 8.6, 2026-06-04
- CVE-2026-49194, 8.8, 2026-06-04
- CVE-2026-49191, 9.8, 2026-06-04
- CVE-2026-49186, 9.8, 2026-06-04
- CVE-2026-10777, 7.3, 2026-06-03
- CVE-2026-49448, 9.8, 2026-06-02
- CVE-2026-49443, 8.8, 2026-06-02
- CVE-2026-45289, 5.3, 2026-06-02
- CVE-2026-10619, 7.3, 2026-06-02
- CVE-2026-5076, 9.8, 2026-06-02
- CVE-2026-10617, 7.3, 2026-06-02
- CVE-2026-10611, 2026-06-02
- CVE-2026-8293, 7.5, 2026-06-02