CWE-1390: Weak Authentication
low-riskThe product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
Abstraction: Class
Common Consequences
Integrity
→
Read Application Data
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2025-40552 | 9.8 | 7.5% | — |
| CVE-2025-40554 | 9.8 | 6.1% | — |
| CVE-2024-49019 | 7.8 | 5.0% | — |
| CVE-2023-24890 | 6.5 | 4.3% | — |
| CVE-2024-38239 | 7.2 | 4.1% | — |
| CVE-2024-38182 | 9.0 | 2.0% | — |
| CVE-2025-27740 | 8.8 | 1.7% | — |
| CVE-2024-35248 | 7.3 | 1.7% | — |
| CVE-2024-8322 | 4.3 | 1.6% | — |
| CVE-2022-43400 | 9.8 | 1.2% | — |
0
/ 100
low-risk
Active Threat
0/50 · Minimal
Exploit Availability
0/50 · Minimal