CWE-288

Authentication Bypass Using an Alternate Path or Channel

Base · Incomplete

Description

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-127 · CAPEC-665

CVEs mapped to this weakness (336)

page 13 of 17
  • CVE-2026-42749 · High · May 27, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types (Remove comments) comments-plus allows Password Recovery Exploitation. This issue affects Disable Comments for Any Post Types (Remove comments): from n/a…

  • CVE-2026-44574 · High · May 13, 2026
    risk 0.46 · cvss 8.1 · epss 0.00

    Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters…

  • CVE-2026-40022 · High · Apr 27, 2026
    risk 0.46 · cvss 8.2 · epss 0.01

    When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and…

  • CVE-2026-41059 · High · Apr 22, 2026
    risk 0.46 · cvss 8.2 · epss 0.00

    OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of `skip_auth_routes` or the legacy…

  • CVE-2026-3605 · High · Apr 17, 2026
    risk 0.46 · cvss 8.1 · epss 0.00

    An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor…

  • CVE-2026-34581 · High · Apr 2, 2026
    risk 0.46 · cvss 8.1 · epss 0.00

    goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. This issue has been patched in version…

  • CVE-2025-24332 · High · Jul 2, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Nokia Single RAN AirScale baseband allows an authenticated administrative user access to all physical boards after performing a single login to the baseband system board. The baseband does not re-authenticate the user when they connect from the baseband system board to the…

  • CVE-2025-30112 · High · Mar 24, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    On 70mai Dash Cam 1S devices, by connecting directly to the dashcam's network and accessing the API on port 80 and RTSP on port 554, an attacker can bypass the device authorization mechanism from the official mobile app that requires a user to physically press on the power…

  • CVE-2025-1739 · High · Feb 27, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve administrator's credentials in cleartext by sending a request against the server using curl with random credentials…

  • CVE-2025-1717 · High · Feb 27, 2025
    risk 0.46 · cvss 8.1 · epss 0.01

    The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2. This is due to insecure authentication based on an arbitrary transient name in the 'AutoLogin::listen()' function. This makes it possible for unauthenticated…

  • CVE-2025-23217 · High · Feb 6, 2025
    risk 0.46 · cvss n/a · epss 0.01

    mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers, and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server (bound to `*:8080` by default) to…

  • CVE-2024-11178 · High · Dec 6, 2024
    risk 0.46 · cvss 8.1 · epss 0.01

    The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak an OTP, and there is no attempt or time limit. This makes it possible for unauthenticated attackers to generate and…

  • CVE-2024-35214 · High · Aug 20, 2024
    risk 0.46 · cvss n/a · epss 0.00

    A tampering vulnerability in the CylanceOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system thereby leaving it with only the protection of CylancePROTECT.

  • CVE-2026-36175 · Medium · Jun 4, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments.

  • CVE-2026-42432 · High · Apr 28, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without the operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the…

  • CVE-2026-22341 · Medium · Feb 20, 2026
    risk 0.44 · cvss 6.7 · epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Case-Themes Booked booked allows Authentication Abuse. This issue affects Booked: from n/a through <= 3.0.0.

  • CVE-2025-22862 · Medium · Oct 2, 2025
    risk 0.44 · cvss 6.7 · epss 0.00

    An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0.5 and above may allow an authenticated…

  • CVE-2026-42378 · Medium · Jun 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.

  • CVE-2026-45217 · Medium · May 25, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemeHigh Stripe Payment Gateway for WooCommerce allows Password Recovery Exploitation. This issue affects Stripe Payment Gateway for WooCommerce: from n/a through 5.0.7.

  • CVE-2026-4524 · Medium · May 14, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access confidential issue content in public projects without proper authorization due…