CWE-441
Unintended Proxy or Intermediary ('Confused Deputy')
Description
The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.
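A worked illustration of the pattern the description names, added here as an example and not taken from any product listed on this page: a small forwarding service in Python that, in its vulnerable form, attaches its own privileged credential to whatever target the caller names (so the upstream sees only the deputy as the source), and in its hardened form canonicalises the target host before checking it against an allowlist, refuses loopback and link-local targets, and forwards the caller's own credential and identity instead of its own. SERVICE_TOKEN, INTERNAL_HOSTS, ALLOWED_UPSTREAMS, the X-Forwarded-For-Principal header and the request shape are hypothetical.

```python
"""Confused-deputy demo: a service that forwards requests on behalf of callers.

Added example, not code from any project on this page. The credential,
host sets, header name and request shape are hypothetical.
"""
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SERVICE_TOKEN = "svc-admin-token"      # the deputy's own, highly privileged credential (constructed)
INTERNAL_HOSTS = {"localhost", "127.0.0.1", "::1", "169.254.169.254"}  # hypothetical deny set
ALLOWED_UPSTREAMS = {"reports.example.internal"}                        # hypothetical allowlist


@dataclass
class OutboundRequest:
    url: str
    headers: dict = field(default_factory=dict)


class DeputyError(PermissionError):
    """Raised when the deputy refuses to forward a request."""


def forward_vulnerable(caller: str, target_url: str) -> OutboundRequest:
    """CWE-441 shape: the deputy ignores who is asking, attaches its own credential
    to any target the caller names, and so appears to be the source of the request."""
    return OutboundRequest(target_url, {"Authorization": f"Bearer {SERVICE_TOKEN}"})


def normalize_host(host: str) -> str:
    """Canonicalise a hostname so allow/deny checks cannot be bypassed with a
    trailing dot, mixed case or a bracketed / non-canonical IPv6 literal."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    try:
        host = str(ipaddress.ip_address(host))  # e.g. "0::1" -> "::1"
    except ValueError:
        pass  # not an IP literal; keep the lowercased, dot-stripped name
    return host


def is_internal(host: str) -> bool:
    """True for names/addresses that point back at the deputy's own network."""
    host = normalize_host(host)
    if host in INTERNAL_HOSTS:
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name; resolution-time checks are out of scope here
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # "::ffff:127.0.0.1" is still loopback
    return ip.is_loopback or ip.is_private or ip.is_link_local


def forward_hardened(caller: str, caller_token: str, target_url: str) -> OutboundRequest:
    """Only approved upstreams, never the deputy's own network, and the request
    carries the caller's credential and identity so the upstream can authorise
    the real source rather than the deputy."""
    parts = urlsplit(target_url)
    if parts.scheme != "https":
        raise DeputyError("only https targets are forwarded")
    host = normalize_host(parts.hostname or "")
    if is_internal(host) or host not in ALLOWED_UPSTREAMS:
        raise DeputyError(f"target {host!r} is not an approved upstream")
    return OutboundRequest(target_url, {
        "Authorization": f"Bearer {caller_token}",  # caller's credential, not SERVICE_TOKEN
        "X-Forwarded-For-Principal": caller,        # hypothetical header naming the origin
    })


def demo() -> dict:
    """Run both deputies against constructed inputs and report what happened."""
    results = {}
    leaked = forward_vulnerable("alice", "http://169.254.169.254/latest/meta-data/")
    results["vulnerable_leaks_token"] = SERVICE_TOKEN in leaked.headers["Authorization"]
    # Bypass spellings of loopback that a naive string compare would miss.
    for url in ("https://localhost./admin", "https://[::1]/admin",
                "https://LOCALHOST/admin", "https://[::ffff:127.0.0.1]/admin"):
        try:
            forward_hardened("alice", "alice-token", url)
            results[url] = "forwarded"
        except DeputyError:
            results[url] = "blocked"
    ok = forward_hardened("alice", "alice-token", "https://reports.example.internal/v1/report")
    results["hardened_uses_caller_token"] = ok.headers["Authorization"] == "Bearer alice-token"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two controls are independent: the allowlist and loopback check stop the deputy from being pointed at things it can reach but the caller cannot, and forwarding the caller's own credential stops the upstream from mistaking the deputy for the principal. A service that needs its own credential for the upstream should still bind the request to the caller's identity and authorise the (caller, target) pair itself before forwarding.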
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-219 (XML Routing Detour Attacks) · CAPEC-465 (Transparent Proxy Abuse)
CVEs mapped to this weakness (50)
Page 1 of 3 (20 of the 50 mapped CVEs shown). The Vendor / Product and KEV columns carry no values on this page.

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39906 | | Critical | 0.65 | 10.0 | 0.01 | | Apr 14, 2026 | Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through… |
| CVE-2026-23751 | | Critical | 0.64 | 9.8 | 0.01 | | Apr 23, 2026 | Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a default, publicly known endpoint… |
| CVE-2025-68667 | | Critical | 0.64 | — | 0.01 | | Dec 23, 2025 | Conduit is a chat server powered by Matrix. A vulnerability that affects a number of Conduit-derived homeservers allows a remote, unauthenticated attacker to force the target server to cryptographically sign arbitrary membership events. Affected products include Conduit prior to… |
| CVE-2025-64125 | | Critical | 0.61 | — | 0.00 | | Jan 3, 2026 | A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging. This issue affected the nCloud VPN Service and was fixed on 2025-12-1 (December, 2025). End users do not have to take any action to mitigate the issue. |
| CVE-2026-24471 | | Critical | 0.60 | — | 0.00 | | Feb 2, 2026 | continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room (rejecting an invite), joining a room or… |
| CVE-2015-2947 | | Critical | 0.59 | 9.1 | 0.01 | | Apr 13, 2017 | KanColleViewer versions 3.8.1 and earlier operates as an open proxy which allows remote attackers to trigger outbound network traffic. |
| CVE-2026-36608 | | High | 0.57 | 8.8 | 0.00 | | Jun 3, 2026 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP (192.168.1.1) or localhost (127.0.0.1) as InternalClient. An unauthenticated LAN attacker can expose… |
| CVE-2025-62718 | | Critical | 0.57 | 9.9 | 0.01 | | Apr 9, 2026 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip… |
| CVE-2025-11393 | | High | 0.57 | 8.7 | 0.00 | | Dec 15, 2025 | A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to… |
| CVE-2026-42313 | | High | 0.54 | 8.3 | 0.00 | | May 11, 2026 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates security-sensitive options behind a hand-maintained allowlist… |
| CVE-2026-7381 | | Critical | 0.52 | 9.1 | 0.00 | | Apr 29, 2026 | Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware… |
| CVE-2026-0098 | | High | 0.51 | 7.8 | 0.00 | | Jun 1, 2026 | In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2025-48570 | | High | 0.51 | 7.8 | 0.00 | | Jun 1, 2026 | In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… |
| CVE-2026-44494 | | High | 0.50 | 8.7 | 0.00 | | Jun 11, 2026 | Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full… |
| CVE-2025-47269 | | High | 0.50 | 8.3 | 0.34 | | May 9, 2025 | code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a proxy request can… |
| CVE-2023-31313 | | High | 0.47 | 7.2 | 0.00 | | Feb 12, 2026 | An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution. |
| CVE-2026-40868 | | High | 0.46 | 8.1 | 0.00 | | Apr 21, 2026 | Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno's apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an… |
| CVE-2025-23217 | | High | 0.46 | — | 0.01 | | Feb 6, 2025 | mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server (bound to `*:8080` by default) to… |
| CVE-2026-55225 | | Important | 0.45 | 8.0 | — | | Jun 17, 2026 | strimzi-cluster-operator: Cross-namespace privilege escalation via Kafka.spec.entityOperator.watchedNamespace in Strimzi |
| CVE-2026-49821 | | High | 0.43 | 7.7 | 0.00 | | Jun 10, 2026 | Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller processed Package CRDs without verifying that Package.spec.environment.namespace… |