CWE-863— Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.— MITRE CWE catalog
3,821 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-863page 68 of 77
- CVE-2026-28229HIGHCVSS 7.5EG 7.52026-03-11
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTem…
- CVE-2026-28699HIGHCVSS 8.1EG 8.12026-06-16
Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication.
- CVE-2026-28732MEDIUMCVSS 4.3EG 4.32026-05-18
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to…
- CVE-2026-28735MEDIUMCVSS 5.4EG 5.42026-05-26
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14... Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the OAuth token scope on the c…
- CVE-2026-28740HIGHCVSS 7.1EG 7.12026-07-03
Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access.
- CVE-2026-28744HIGHCVSS 8.1EG 8.12026-06-16
Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.
- CVE-2026-28759MEDIUMCVSS 4.3EG 4.32026-05-18
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate that a remote cluster has access to a channel before processing membership removal requests during shared channel membership sync, which allows a …
- CVE-2026-28808HIGHCVSS 7.4EG 9.82026-04-07
Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias. When script_alias maps a URL prefix to a directory outside Documen…
- CVE-2026-28873HIGHCVSS 7.5EG 7.52026-05-11
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging.
- CVE-2026-28951HIGHCVSS 7.8EG 7.82026-05-11
An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain roo…
- CVE-2026-29179LOWCVSS 3.3EG 3.32026-04-21
October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affe…
- CVE-2026-3009HIGHCVSS 8.1EG 8.12026-03-05
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can r…
- CVE-2026-30368MEDIUMCVSS 5.4EG 5.42026-04-24
A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized contr…
- CVE-2026-30689MEDIUMCVSS 4.3EG 7.52026-03-27
In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threateni…
- CVE-2026-31892HIGHCVSS 8.1EG 8.12026-03-11
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in …
- CVE-2026-31991LOWCVSS 3.7EG 3.72026-03-19
OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by o…
- CVE-2026-31998HIGHCVSS 8.6EG 8.62026-03-19
OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can byp…
- CVE-2026-32001MEDIUMCVSS 5.4EG 5.42026-03-19
OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by c…
- CVE-2026-32005MEDIUMCVSS 6.8EG 6.82026-03-19
OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including block_action, view_submission, and view_closed in shared workspace deployments. Unauthorized workspace members can bypass …
- CVE-2026-32006LOWCVSS 3.1EG 3.12026-03-19
OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly treated as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. Remote attackers ca…
- CVE-2026-32021MEDIUMCVSS 6.5EG 6.52026-03-19
OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the Feishu allowFrom allowlist implementation that accepts mutable sender display names instead of enforcing ID-only matching. An attacker can set a disp…
- CVE-2026-32023HIGHCVSS 7.1EG 7.12026-03-19
OpenClaw versions prior to 2026.2.24 contain an approval gating bypass vulnerability in system.run allowlist mode where nested transparent dispatch wrappers can suppress shell-wrapper detection. Attackers can exploit this by chaining multi…
- CVE-2026-32027MEDIUMCVSS 6.5EG 6.52026-03-19
OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly eligible for group allowlist authorization checks. Attackers can exploit this cross-context authorization …
- CVE-2026-32028MEDIUMCVSS 5.3EG 5.32026-03-19
OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-derived system events. Attackers can expl…
- CVE-2026-32035MEDIUMCVSS 5.9EG 5.92026-03-19
OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in agentCommand, causing the flag to default to true. Non-owner voice participants can exploit this omission to access owner-…
- CVE-2026-32042HIGHCVSS 8.8EG 8.82026-03-21
OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Atta…
- CVE-2026-32050LOWCVSS 3.7EG 3.72026-03-21
OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit …
- CVE-2026-32051HIGHCVSS 8.8EG 8.82026-03-21
OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-toke…
- CVE-2026-32058LOWCVSS 2.6EG 2.62026-03-21
OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to …
- CVE-2026-32067LOWCVSS 3.7EG 3.72026-03-21
OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access control for direct message pairing policy that allows attackers to reuse pairing approvals across multiple accounts. An attacker…
- CVE-2026-32173HIGHCVSS 8.6EG 8.62026-04-03
Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.
- CVE-2026-32213CRITICALCVSS 10.0EG 10.02026-04-03
Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-32228HIGHCVSS 7.5EG 7.52026-04-18
UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue.
- CVE-2026-32597HIGHCVSS 7.5EG 7.52026-03-13
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not u…
- CVE-2026-32642MEDIUMCVSS 4.3EG 4.32026-03-24
Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist wit…
- CVE-2026-32718MEDIUMCVSS 6.5EG 6.52026-07-06
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, mutating API validation endpoints are guarded by read ability, allowing read-scoped API tokens to perform state-ch…
- CVE-2026-32895MEDIUMCVSS 5.4EG 5.42026-03-21
OpenClaw versions prior to 2026.2.26 fail to enforce sender authorization in member and message subtype system event handlers, allowing unauthorized events to be enqueued. Attackers can bypass Slack DM allowlists and per-channel user allow…
- CVE-2026-32899MEDIUMCVSS 4.3EG 4.32026-03-21
OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction_* and pin_* non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowl…
- CVE-2026-32906MEDIUMCVSS 4.3EG 4.32026-05-29
OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permission…
- CVE-2026-32914HIGHCVSS 8.8EG 8.82026-03-29
OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Attackers with command authorization can re…
- CVE-2026-32915HIGHCVSS 8.8EG 8.82026-03-29
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandbo…
- CVE-2026-32918HIGHCVSS 8.4EG 8.42026-03-29
OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or mod…
- CVE-2026-32919MEDIUMCVSS 6.1EG 6.12026-03-29
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent requests containing /new or /reset slash co…
- CVE-2026-32923MEDIUMCVSS 5.4EG 5.42026-03-29
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction ingestion that fails to enforce member users and roles allowlist checks. Non-allowlisted guild members can trigger reaction events accepted …
- CVE-2026-32924CRITICALCVSS 9.8EG 9.82026-03-29
OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversations instead of group chats. Attackers can exploit this misclassification to byp…
- CVE-2026-32966CRITICALCVSS 9.8EG 9.82026-06-17
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which …
- CVE-2026-32967CRITICALCVSS 9.1EG 9.12026-06-17
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
- CVE-2026-32972HIGHCVSS 7.1EG 7.12026-03-29
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing authenticated operators with only operator.write permission to access admin-only browser profile management routes through browser.request. Attackers can cre…
- CVE-2026-32978HIGHCVSS 8.0EG 8.02026-03-29
OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, re…
- CVE-2026-32991HIGHCVSS 7.1EG 7.12026-05-13
Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account.
Map vulnerabilities like CWE-863 to your infrastructure
EchelonGraph correlates every CVE — across CWE-863 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →