VYPR

CWE-288

Authentication Bypass Using an Alternate Path or Channel

Abstraction: Base · Status: Incomplete

Description

The product requires authentication, but the product has an alternate path or channel that does not require authentication.
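As an added illustration (example code written for this page, not part of the CWE entry or of any product listed below), the Python sketch that follows shows one common shape of this weakness: an authentication gate that matches on the request path exactly as received, placed in front of a router that normalizes the path before dispatch. The router and the gate disagree on what "the admin route" is, so a request for `/public/../admin/users` passes the gate unauthenticated and is still served by the admin handler. The hardened dispatcher evaluates the check on the same canonical path the router uses and marks protected handlers explicitly, so there is no path the handler can be reached by without the check. All route names, the token and the `Request` type are constructed for the example.

```python
import posixpath
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Constructed sample secret for the example; not a real credential.
ADMIN_TOKEN = "constructed-admin-token"


@dataclass
class Request:
    raw_path: str
    headers: Dict[str, str] = field(default_factory=dict)


def normalize(path: str) -> str:
    """Canonical form used by the router: collapse repeated slashes and
    resolve '.' and '..' segments, as many routers do before dispatch."""
    norm = posixpath.normpath(path)
    return norm if norm.startswith("/") else "/" + norm


def admin_users(req: Request) -> str:
    return "user list"


def public_status(req: Request) -> str:
    return "ok"


# Constructed route table; the router looks handlers up by normalized path.
ROUTES: Dict[str, Callable[[Request], str]] = {
    "/admin/users": admin_users,
    "/public/status": public_status,
}

# Handlers that must never run without a valid bearer token.
PROTECTED = {"/admin/users"}


def is_authenticated(req: Request) -> bool:
    return req.headers.get("Authorization") == f"Bearer {ADMIN_TOKEN}"


def vulnerable_dispatch(req: Request) -> Tuple[int, str]:
    """CWE-288 shape: the gate inspects the raw path, the router the normalized one.
    Any spelling of the admin path that does not start with '/admin' skips the gate
    but still resolves to the admin handler."""
    if req.raw_path.startswith("/admin") and not is_authenticated(req):
        return 401, "unauthorized"
    handler = ROUTES.get(normalize(req.raw_path))
    if handler is None:
        return 404, "not found"
    return 200, handler(req)


def hardened_dispatch(req: Request) -> Tuple[int, str]:
    """Authorization is decided on the canonical path the router dispatches on,
    after the route is resolved, so every way of reaching a protected handler
    goes through the same check."""
    path = normalize(req.raw_path)
    handler = ROUTES.get(path)
    if handler is None:
        return 404, "not found"
    if path in PROTECTED and not is_authenticated(req):
        return 401, "unauthorized"
    return 200, handler(req)


# Constructed probe set: the canonical admin path plus three alternate spellings
# that normalize to it.
ALT_PATHS = [
    "/admin/users",
    "/./admin/users",
    "/public/../admin/users",
    "///admin/users",
]


def unauthenticated_bypasses(dispatch: Callable[[Request], Tuple[int, str]]) -> List[str]:
    """Return the probe paths that reach the admin handler with no credentials."""
    return [p for p in ALT_PATHS if dispatch(Request(p))[0] == 200]


if __name__ == "__main__":
    print("vulnerable:", unauthenticated_bypasses(vulnerable_dispatch))
    print("hardened:  ", unauthenticated_bypasses(hardened_dispatch))
```

The same probe list is a cheap regression check for any gate-in-front-of-router design: run it against every alias the framework accepts (alternate encodings, trailing-slash variants, transport-specific route forms) and require that the set of unauthenticated hits is empty.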

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-127 · CAPEC-665

CVEs mapped to this weakness (336)

page 14 of 17
  • CVE-2026-45109 · High · May 13, 2026
    risk 0.42 · cvss 7.5 · epss 0.01

    Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6.

  • CVE-2026-44575 · High · May 13, 2026
    risk 0.42 · cvss 7.5 · epss 0.01

    Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used…

  • CVE-2026-35422 · Medium · May 12, 2026
    risk 0.42 · cvss 6.5 · epss 0.01

    Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.

  • CVE-2026-3531 · Medium · Mar 26, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass. This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.

  • CVE-2026-3214 · Medium · Mar 25, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass. This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10.

  • CVE-2025-68895 · Medium · Feb 20, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in ahachat AhaChat Messenger Marketing ahachat-messenger-marketing allows Password Recovery Exploitation. This issue affects AhaChat Messenger Marketing: from n/a through <= 1.1.

  • CVE-2020-37156 · Medium · Feb 11, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a crafted payload with '=''or' parameters to bypass login authentication and gain…

  • CVE-2025-64530 · High · Nov 13, 2025
    risk 0.42 · cvss 7.5 · epss 0.00

    Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls…

  • CVE-2025-64173 · High · Nov 6, 2025
    risk 0.42 · cvss 7.5 · epss 0.00

    Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 and below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required…

  • CVE-2025-3932 · Medium · May 14, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer…

  • CVE-2024-5620 · Medium · Jul 18, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in PruvaSoft Informatics Apinizer Management Console allows Authentication Bypass. This issue affects Apinizer Management Console: before 2024.05.1.

  • CVE-2023-50915 · Medium · Apr 30, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC Object Manager symbolic link and could result in a…

  • CVE-2018-12608 · High · Sep 10, 2018
    risk 0.42 · cvss 7.5 · epss 0.01

    An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a…

  • CVE-2026-5557 · Medium · Apr 5, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be…

  • CVE-2025-13013 · Medium · Nov 11, 2025
    risk 0.40 · cvss 6.1 · epss 0.00

    Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

  • CVE-2026-48020 · High · Jun 11, 2026
    risk 0.39 · cvss n/a · epss 0.01

    Summary: There is a high severity vulnerability in Traefik's `StripPrefix` middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a `PathPrefix` rule and applies the `StripPrefix` middleware,…

  • CVE-2026-53622 · High · Jun 16, 2026
    risk 0.38 · cvss n/a · epss 0.00

    Summary: There is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake selects the applicable TLS…

  • CVE-2026-48491 · High · Jun 16, 2026
    risk 0.38 · cvss n/a · epss 0.00

    Summary: There is a high severity vulnerability in Traefik's domain-fronting protection (`SNICheck`) that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router `TLSOptions`. When a router uses a wildcard host rule such as…

  • CVE-2026-45577 · Medium · May 29, 2026
    risk 0.38 · cvss n/a · epss 0.00

    Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth…

  • CVE-2026-43945 · High · May 26, 2026
    risk 0.38 · cvss n/a · epss 0.01

    Pre-auth RCE in FUXA via Logic Bypass. Summary: A critical vulnerability chain exists in FUXA (v.1.3.0-2706) that allows an unauthenticated remote attacker to achieve Full Remote Code Execution (RCE) as root. The exploit succeeds even when the platform is configured in its…