CWE-288
Authentication Bypass Using an Alternate Path or Channel
Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-127 · CAPEC-665
CVEs mapped to this weakness (336)
page 15 of 17

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40790 | | Med | 0.35 | 6.5 | 0.00 | | Jun 15, 2026 | Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions. |
| CVE-2026-41308 | | Med | 0.35 | 6.5 | 0.00 | | May 8, 2026 | Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain… |
| CVE-2025-10531 | | Med | 0.35 | 5.4 | 0.00 | | Sep 16, 2025 | Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143. |
| CVE-2024-33939 | | Med | 0.35 | 5.3 | 0.01 | | May 19, 2025 | Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system. This issue affects Masteriyo - LMS: from n/a through <= 1.7.3. |
| CVE-2017-6871 | | Med | 0.35 | 5.4 | 0.00 | | Aug 8, 2017 | A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app… |
| CVE-2026-40799 | | Med | 0.34 | 5.3 | 0.00 | | Jun 15, 2026 | Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions. |
| CVE-2026-8990 | | Med | 0.34 | — | 0.00 | | May 28, 2026 | A user with physical access to a smartphone can bypass the authentication mechanism of the Kidsview mobile application and grant himself full access to the device owner's account by interacting with the application's push notification. This issue was fixed in version 4.4.3. |
| CVE-2025-52338 | | Med | 0.34 | 5.3 | 0.00 | | Aug 19, 2025 | An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a bruteforce attack. |
| CVE-2025-26700 | | Med | 0.34 | 5.2 | 0.00 | | Feb 17, 2025 | Authentication bypass using an alternate path or channel issue exists in "RoboForm Password Manager" App for Android versions prior to 9.7.4, which may allow an attacker with access to a device where the application is installed to bypass the lock screen and obtain sensitive… |
| CVE-2024-46887 | — | Med | 0.34 | 5.3 | 0.01 | | Oct 8, 2024 | The web server of affected devices does not properly authenticate user requests to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about… |
| CVE-2021-4353 | | Med | 0.34 | 5.3 | 0.01 | | Oct 20, 2023 | The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export() function which makes it possible for unauthenticated attackers… |
| CVE-2026-42303 | | Med | 0.33 | — | 0.00 | | May 12, 2026 | Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request… |
| CVE-2024-37893 | | Med | 0.31 | 5.9 | 0.01 | | Jun 17, 2024 | Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to Firefly III data using… |
| CVE-2026-1917 | | Med | 0.28 | 4.3 | 0.00 | | Mar 25, 2026 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass. This issue affects Login Disable: from 0.0.0 before 2.1.3. |
| CVE-2026-47200 | | Med | 0.27 | 5.3 | 0.00 | | Jun 12, 2026 | Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, when experimental.componentIslands is enabled… |
| CVE-2026-35664 | | Med | 0.27 | 5.3 | 0.00 | | Apr 10, 2026 | OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in the raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper… |
| CVE-2026-35661 | | Med | 0.27 | 5.3 | 0.00 | | Apr 10, 2026 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows attackers to mutate session state without satisfying normal DM pairing requirements. Remote attackers can exploit weaker callback-only authorization in direct… |
| CVE-2026-35654 | | Med | 0.27 | 5.3 | 0.00 | | Apr 10, 2026 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endpoints to trigger unauthorized feedback… |
| CVE-2026-35647 | | Med | 0.27 | 5.3 | 0.00 | | Apr 10, 2026 | OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and reply to unpaired peers. Attackers can send verification notices to users outside allowed direct message policies by exploiting insufficient access… |
| CVE-2026-35634 | | Med | 0.26 | 5.1 | 0.00 | | Apr 9, 2026 | OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP… |