CWE-288
Authentication Bypass Using an Alternate Path or Channel
Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-127 · CAPEC-665
CVEs mapped to this weakness (336)
page 12 of 17

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-43436 | | High | 0.49 | 7.5 | 0.01 | | Nov 4, 2025 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to enumerate a user's installed apps. |
| CVE-2025-40761 | | High | 0.49 | 7.6 | 0.00 | | Aug 12, 2025 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX… |
| CVE-2025-24095 | | High | 0.49 | 7.6 | 0.01 | | Mar 31, 2025 | This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4. An app may be able to bypass Privacy preferences. |
| CVE-2025-24846 | | High | 0.49 | 7.5 | 0.00 | | Mar 3, 2025 | Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may obtain the device information such as MAC address by sending a specially crafted… |
| CVE-2024-11981 | | High | 0.49 | 7.5 | 0.01 | | Nov 29, 2024 | Certain models of routers from Billion Electric have an Authentication Bypass vulnerability, allowing unauthenticated attackers to retrieve contents of arbitrary web pages. |
| CVE-2018-5386 | | High | 0.49 | 7.5 | 0.05 | | Jul 24, 2018 | Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism, leading to an information leak. |
| CVE-2026-22037 | | High | 0.48 | 8.4 | 0.00 | | Jan 19, 2026 | The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters (e.g., `/%61dmin` instead of… |
| CVE-2025-55012 | | High | 0.48 | — | 0.00 | | Aug 11, 2025 | Zed is a multiplayer code editor. Prior to version 0.197.3, the Zed Agent Panel allowed an AI agent to achieve Remote Code Execution (RCE) by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a… |
| CVE-2025-47244 | | High | 0.48 | 7.3 | 0.00 | | May 3, 2025 | Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loop calling RestartWeb) or obtaining potentially sensitive information.… |
| CVE-2026-42745 | | High | 0.47 | 7.3 | 0.00 | | May 27, 2026 | Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass. This issue affects Smart Online Order for Clover: from n/a through <= 1.6.0. |
| CVE-2026-24206 | | High | 0.47 | 7.3 | 0.01 | | May 20, 2026 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, denial of service, or information disclosure. |
| CVE-2026-8321 | | High | 0.47 | 7.3 | 0.00 | | May 11, 2026 | A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate… |
| CVE-2025-66238 | | High | 0.47 | 7.2 | 0.00 | | Dec 4, 2025 | DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine. |
| CVE-2025-31512 | | High | 0.47 | 7.3 | 0.00 | | Jul 22, 2025 | An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval via isAddedByApprover in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the system is protected by updating to a version equal to or greater than… |
| CVE-2025-4687 | | High | 0.47 | — | 0.00 | | May 29, 2025 | In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attacker's company without their knowledge.… |
| CVE-2025-39535 | | High | 0.47 | 7.2 | 0.00 | | Apr 17, 2025 | Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos vitepos-lite allows Authentication Abuse. This issue affects Vitepos: from n/a through <= 3.1.7. |
| CVE-2024-7027 | | High | 0.47 | 7.3 | 0.00 | | Jul 24, 2024 | The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. This is due to insufficient verification of the user supplied during a QR code login through the plugin. This makes it possible for… |
| CVE-2026-40785 | | High | 0.46 | 7.1 | 0.00 | | Jun 15, 2026 | Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions. |
| CVE-2026-39450 | | High | 0.46 | 7.1 | 0.00 | | Jun 15, 2026 | Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions. |
| CVE-2026-42654 | | High | 0.46 | 7.1 | 0.00 | | Jun 2, 2026 | Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5. |