Missing Authorization

Missing authorization occurs when access control checks are absent or insufficient after authentication.

#appsec#cwe

Last updated: 2025-09-02T00:00:00.000Z

Evidence

CWE CWE-862 Normative evidence
cwe.mitre.org

Mappings

CWE-862

More context

Enforce authorization for every request using consistent server‑side checks; prefer deny‑by‑default policies.