CWE-863 advisories

Incorrect Authorization

What it is

An access-control check is present but wrong, so users reach resources they should not.

How to fix it

Upgrade the affected component and correct the authorization logic; add tests for each role boundary.

How to avoid it

Enforce authorization server-side on every request, default-deny, and test each boundary.
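To make the three points above concrete, here is an added illustration (not code from the page or from Stateward): a check that is present but wrong because it falls through to allow, next to a default-deny version that looks up an explicit allow rule, plus a helper that evaluates every role/action boundary so each one can be asserted. The roles, actions, document model and policy table are constructed for the example.

```python
"""Incorrect authorization (default-allow fallthrough) beside a default-deny check,
with a helper that exercises every role boundary. Constructed example data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: str
    role: str  # constructed roles: "admin", "editor", "viewer"


@dataclass(frozen=True)
class Document:
    id: str
    owner_id: str


# Explicit allow-list: (role, action) -> predicate on (user, doc).
# Any combination that is not listed here is denied.
POLICY = {
    ("admin", "read"): lambda u, d: True,
    ("admin", "edit"): lambda u, d: True,
    ("admin", "delete"): lambda u, d: True,
    ("editor", "read"): lambda u, d: True,
    ("editor", "edit"): lambda u, d: u.id == d.owner_id,  # editors edit only their own documents
    ("viewer", "read"): lambda u, d: True,
}


def is_authorized_incorrect(user, action, doc):
    """The check exists but is wrong: it enumerates a few denials and then allows
    everything else, so an unknown role or an unlisted action is permitted."""
    if user.role == "viewer" and action != "read":
        return False
    if user.role == "editor" and action == "delete":
        return False
    return True  # default-allow fallthrough: the CWE-863 defect


def is_authorized(user, action, doc):
    """Corrected: require an explicit allow rule; no rule means deny."""
    rule = POLICY.get((user.role, action))
    if rule is None:
        return False
    return bool(rule(user, doc))


def require(user, action, doc):
    """Server-side enforcement point: call this on every request before touching the resource."""
    if not is_authorized(user, action, doc):
        raise PermissionError(f"{user.role} may not {action} {doc.id}")
    return True


def role_boundary_matrix(check):
    """Evaluate a check across every role/action boundary against one document
    owned by someone else. Returns {(role, action): decision} for assertions;
    the "ghost" role is deliberately absent from POLICY to probe the fallthrough."""
    doc = Document(id="d1", owner_id="u-other")
    results = {}
    for role in ("admin", "editor", "viewer", "ghost"):
        user = User(id=f"u-{role}", role=role)
        for action in ("read", "edit", "delete"):
            results[(role, action)] = check(user, action, doc)
    return results


if __name__ == "__main__":
    bad = role_boundary_matrix(is_authorized_incorrect)
    good = role_boundary_matrix(is_authorized)
    for key in sorted(bad):
        flag = "  <-- differs" if bad[key] != good[key] else ""
        print(f"{key}: incorrect={bad[key]} default-deny={good[key]}{flag}")
```

Running the block prints the full boundary table; the rows that differ (an unknown role gaining every action, an editor editing a document they do not own) are exactly the cases a per-boundary test should pin down so a later policy change cannot reintroduce them.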

Known Incorrect Authorization vulnerabilities

Stateward flags Incorrect Authorization in your own code and dependencies on every pull request.


Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.