CWE-303— Incorrect Implementation of Authentication Algorithm
The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.— MITRE CWE catalog
88 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-303page 2 of 2
- CVE-2024-9999MEDIUMCVSS 6.5EG 6.52024-11-12
In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.
- CVE-2025-12419CRITICALCVSS 9.9EG 9.92025-11-27
Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation pri…
- CVE-2025-12421CRITICALCVSS 9.9EG 9.92025-11-27
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user…
- CVE-2025-13390CRITICALCVSS 10.0EG 10.02025-12-03
The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdk_generate_auto_login_link" function. Th…
- CVE-2025-14273HIGHCVSS 7.2EG 7.22025-12-22
Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the J…
- CVE-2025-14510HIGHCVSS 8.1EG 8.12026-01-16
Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120.
- CVE-2025-21311CRITICALCVSS 9.8EG 9.82025-01-14
Windows NTLM V1 Elevation of Privilege Vulnerability
- CVE-2025-23046HIGHCVSS 7.5EG 7.52025-02-25
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone …
- CVE-2025-2475MEDIUMCVSS 5.4EG 5.42025-04-14
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot which allows an attacker to login to the bot exactly one time via normal credentials.
- CVE-2025-2571MEDIUMCVSS 4.2EG 4.22025-05-30
Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot account…
- CVE-2025-3230MEDIUMCVSS 5.4EG 5.42025-05-30
Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting…
- CVE-2025-43727HIGHCVSS 7.5EG 7.52025-10-07
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contai…
- CVE-2025-43856HIGHCVSS 7.3EG 7.32025-07-11
immich is a high performance self-hosted photo and video management solution. Prior to 1.132.0, immich is vulnerable to account hijacking through oauth2, because the state parameter is not being checked. The oauth2 state parameter is simil…
- CVE-2025-44557HIGHCVSS 8.1EG 8.12025-06-27
A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication via a crafted pairing_failed packet.
- CVE-2025-4676HIGHCVSS 8.8EG 8.82026-01-07
Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: thro…
- CVE-2025-48994MEDIUMCVSS 6.9EG 6.92025-06-02
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=...`), ver…
- CVE-2025-53782HIGHCVSS 7.8EG 8.42025-10-14
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
- CVE-2025-57808HIGHCVSS 8.1EG 8.12025-09-02
ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's web_server authentication check can pass incorrectly when the client-supplied base64-encoded A…
- CVE-2025-61783MEDIUMCVSS 6.3EG 6.32025-10-09
Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to ac…
- CVE-2025-63210CRITICALCVSS 9.8EG 9.82025-11-19
The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is vulnerable to an authentication bypass. An attacker can exploit this issue by modifying intercepted responses from the /celoxservice endpoint. By…
- CVE-2025-66489CRITICALCVSS 9.8EG 9.82025-12-03
Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts.…
- CVE-2025-8881MEDIUMCVSS 6.5EG 6.52025-08-13
Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security sev…
- CVE-2026-0073HIGHCVSS 8.8EG 8.82026-05-04
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execu…
- CVE-2026-0999MEDIUMCVSS 5.4EG 5.42026-02-16
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Matter…
- CVE-2026-12773CRITICALCVSS 9.8EG 7.32026-06-21
A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py of the component MCP Proxy. Executing a manipulation c…
- CVE-2026-29515CRITICALCVSS 9.8EG 9.82026-03-11
MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinati…
- CVE-2026-33190HIGHCVSS 7.5EG 7.52026-05-05
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on non-plain-DNS transports (DoT, DoH, DoH3, DoQ, and gRPC) because it trusts the transport writer's TsigStatus() instead of performi…
- CVE-2026-33557CRITICALCVSS 9.1EG 9.12026-04-20
A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It accepts any JW…
- CVE-2026-35579CRITICALCVSS 9.8EG 9.82026-05-05
CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in th…
- CVE-2026-41048HIGHCVSS 7.1EG 7.12026-06-22
Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot".
- CVE-2026-41049HIGHCVSS 7.1EG 7.12026-06-22
Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them.
- CVE-2026-41053HIGHCVSS 8.8EG 8.82026-06-30
Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.
- CVE-2026-41103CRITICALCVSS 9.1EG 9.12026-05-12
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-43640HIGHCVSS 8.1EG 8.12026-05-11
Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only …
- CVE-2026-46389CRITICALCVSS 9.8EG 9.82026-06-05
UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. In versions 0.11.0 through 0.26.0, a logic error in the `client-kubernetes-secret` Keycloak c…
- CVE-2026-46595CRITICALCVSS 10.0EG 10.02026-05-22
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.
- CVE-2026-50627CRITICALCVSS 9.1EG 9.12026-06-12
The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resour…
- CVE-2026-8922MEDIUMCVSS 5.4EG 5.42026-05-19
A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspection feature fails to properly honor the realm-level policy. This allows tokens …
Map vulnerabilities like CWE-303 to your infrastructure
EchelonGraph correlates every CVE — across CWE-303 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →