CWE-302
Authentication Bypass by Assumed-Immutable Data
Base · Incomplete
Description
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-13 · CAPEC-21 · CAPEC-274 · CAPEC-31 · CAPEC-39 · CAPEC-45 · CAPEC-77
CVEs mapped to this weakness (14)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-56404 | Critical | 0.64 | 9.9 | 0.00 | | Jan 24, 2025 | In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerability allows privilege escalation. Only On-Premise installations are affected. |
| CVE-2026-40285 | High | 0.57 | 8.8 | 0.00 | | Apr 17, 2026 | WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpf_usuario POST parameter overwrites the session-stored user identity via extract($_REQUEST) in DespachoControle::verificarDespacho(), and the attacker-controlled value is then interpolated directly into a raw SQL query, allowing any authenticated user to query the database under an arbitrary identity. Version 3.6.10 fixes the issue. |
| CVE-2024-12838 | High | 0.57 | 8.8 | 0.00 | | Dec 31, 2024 | The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators. |
| CVE-2026-39429 | High | 0.53 | 8.2 | 0.00 | | Apr 8, 2026 | kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. This vulnerability is fixed in 0.30.3 and 0.29.3. |
| CVE-2025-8855 | High | 0.53 | 8.1 | 0.00 | | Nov 14, 2025 | Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate Registry Information. This issue affects Brokerage Automation: before 1.1.71. |
| CVE-2025-24876 | High | 0.53 | 8.1 | 0.00 | | Feb 11, 2025 | The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting malicious payload causing High impact on confidentiality and integrity of the application. |
| CVE-2025-26522 | High | 0.49 | — | 0.00 | | Feb 14, 2025 | This vulnerability exists in RupeeWeb trading platform due to improper implementation of OTP validation mechanism in certain API endpoints. A remote attacker with valid credentials could exploit this vulnerability by manipulating API responses. Successful exploitation of this vulnerability could allow the attacker to bypass Two-Factor Authentication (2FA) for other user accounts. |
| CVE-2024-3741 | High | 0.49 | 7.5 | 0.00 | | Apr 18, 2024 | Electrolink transmitters are vulnerable to an authentication bypass vulnerability affecting the login cookie. An attacker can set an arbitrary value except 'NO' to the login cookie and have full system access. |
| CVE-2024-22179 | High | 0.49 | 7.5 | 0.00 | | Apr 18, 2024 | The application is vulnerable to an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. Also vulnerable to account takeover and arbitrary password change. |
| CVE-2024-45370 | High | 0.47 | 7.3 | 0.00 | | Dec 1, 2025 | An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability. |
| CVE-2024-8475 | Medium | 0.42 | 6.5 | 0.00 | | Dec 17, 2024 | Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables. This issue affects WiFiBurada: before 1.0.5. |
| CVE-2025-43992 | Medium | 0.36 | 5.6 | 0.00 | | May 11, 2026 | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data in transit. |
| CVE-2024-3462 | Medium | 0.35 | 5.4 | 0.00 | | May 14, 2024 | Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 (tested) and possibly newer ones are believed to be vulnerable as the vendor has not confirmed releasing a patch. |
| CVE-2026-28510 | Medium | 0.31 | 5.9 | 0.00 | | May 5, 2026 | eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with an attacker-controlled TOTP secret and bypass the additional factor. This could result in unauthorized account access. This issue is fixed in version 5.4.2. |