Broken Access Control accounted for 32% of high-severity findings across 4,200+ pen tests, making it the most prevalent and critical vulnerability.