CWE-1390: Weak Authentication
The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
Attackers may be able to bypass weak authentication faster and/or with less effort than expected.
75 recorded CVEs are caused by CWE-1390 (Weak Authentication). The highest-severity and most recent are shown first. 17 new CWE-1390 CVEs have been recorded so far in 2026 (35 in 2025).
BorG Technology Corporation|Borg SPM 2007 - Authentication Bypass
What can happen when CWE-1390 is exploited.
Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands
Affects: Integrity, Confidentiality, Availability, Access Control
This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even allowing them to execute arbitrary code.
Typically introduced during these phases of the software lifecycle.
Technologies
Illustrative examples from MITRE showing how the weakness appears in code.
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these products were often used in industries such as power, electrical, water, and others, there could even be safety implications.
Multiple OT products used weak authentication.
Real CVEs that MITRE cites as examples of this weakness.
Common questions about CWE-1390.
75 recorded CVEs are attributed to CWE-1390, including CVE-2025-30412, CVE-2025-30411, CVE-2026-6274.
Exploiting CWE-1390 can lead to: Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands.
75 recorded CVEs are caused by CWE-1390; none are currently in CISA's KEV catalog of actively exploited flaws.
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.