CWE-288
Authentication Bypass Using an Alternate Path or Channel
Base · Incomplete
Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-127 · CAPEC-665
CVEs mapped to this weakness (240)
Page 2 of 12

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-6771 | Cri | 0.64 | 9.8 | 0.00 | | Apr 21, 2026 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6768 | Cri | 0.64 | 9.8 | 0.00 | | Apr 21, 2026 | Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
| CVE-2026-6760 | Cri | 0.64 | 9.8 | 0.00 | | Apr 21, 2026 | Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
| CVE-2026-3461 | Cri | 0.64 | 9.8 | 0.00 | | Apr 15, 2026 | The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the `express_pay_product_page_pay_for_order()` function logging users in based solely on a user-supplied billing email address during guest checkout for subscription products, without verifying email ownership, requiring a password, or validating a one-time token. This makes it possible for unauthenticated attackers to log in as any existing user, including administrators, by providing the target user's email address in the billing_details parameter, resulting in complete account takeover and site compromise. |
| CVE-2026-31271 | Cri | 0.64 | 9.8 | 0.00 | | Apr 7, 2026 | megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing the /user/insert endpoint. This leads to complete system compromise. |
| CVE-2026-30079 | Cri | 0.64 | 9.8 | 0.00 | | Apr 7, 2026 | In OpenAirInterface V2.2.0 AMF, out-of-sequence messages cause an incorrect state transition during the UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is sent after InitialUERegistration, a registration reject is received followed by a registration accept. This leads to the UE being registered without proper authentication. |
| CVE-2026-31151 | Cri | 0.64 | 9.8 | 0.00 | | Apr 6, 2026 | An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application's resources. |
| CVE-2026-29139 | Cri | 0.64 | 9.8 | 0.00 | | Apr 2, 2026 | SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password. |
| CVE-2026-27049 | Cri | 0.64 | 9.8 | 0.00 | | Mar 25, 2026 | Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse. This issue affects Jobica Core: from n/a through <= 1.4.2. |
| CVE-2026-25035 | Cri | 0.64 | 9.8 | 0.00 | | Mar 25, 2026 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse. This issue affects Contest Gallery: from n/a through <= 28.1.2.2. |
| CVE-2026-4700 | Cri | 0.64 | 9.8 | 0.00 | | Mar 24, 2026 | Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-27842 | Cri | 0.64 | 9.8 | 0.00 | | Mar 11, 2026 | Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration. |
| CVE-2026-27389 | Cri | 0.64 | 9.8 | 0.00 | | Mar 5, 2026 | Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse. This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.1. |
| CVE-2026-2628 | Cri | 0.64 | 9.8 | 0.00 | | Mar 3, 2026 | The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users, including administrators. |
| CVE-2026-2791 | Cri | 0.64 | 9.8 | 0.00 | | Feb 24, 2026 | Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2026-2784 | Cri | 0.64 | 9.8 | 0.00 | | Feb 24, 2026 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2026-2775 | Cri | 0.64 | 9.8 | 0.00 | | Feb 24, 2026 | Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2025-21589 | Cri | 0.64 | 9.8 | 0.00 | | Jan 27, 2026 | An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: * from 5.6.7 before 5.6.17, * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts, * from 6.2 before 6.2.8-lts, * from 6.3 before 6.3.3-r2; This issue affects Session Smart Conductor: * from 5.6.7 before 5.6.17, * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts, * from 6.2 before 6.2.8-lts, * from 6.3 before 6.3.3-r2; This issue affects WAN Assurance Managed Routers: * from 5.6.7 before 5.6.17, * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts, * from 6.2 before 6.2.8-lts, * from 6.3 before 6.3.3-r2. |
| CVE-2025-69101 | Cri | 0.64 | 9.8 | 0.00 | | Jan 22, 2026 | Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreap_core allows Authentication Abuse. This issue affects Workreap Core: from n/a through <= 3.4.1. |
| CVE-2025-10484 | Cri | 0.64 | 9.8 | 0.00 | | Jan 17, 2026 | The Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them via the fma_lwp_set_session_php_fun() function. This makes it possible for unauthenticated attackers to authenticate as any user on the site, including administrators, without a valid password. |