VYPR

CWE-441

Unintended Proxy or Intermediary ('Confused Deputy')

Abstraction: Class · Status: Draft

Description

The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.
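
In practice, on this page, the weakness mostly appears as a service that fetches or connects to a caller-supplied URL and so turns into a proxy into networks the caller cannot reach directly. The following is an added example, not code from CWE-441, from the VYPR site or from any product listed below: a destination check for a hypothetical server-side "fetch this file for me" endpoint, written in Python. It is built to handle the three failure modes the CVE entries on this page describe: a URL opener that accepts file:, data: and ftp: schemes (CVE-2026-48522), a suffix allowlist matched against the whole URL string instead of the path (CVE-2026-53931), and a loopback check that only matches 127.0.0.1 rather than all of 127.0.0.0/8 (CVE-2026-42043). ALLOWED_SCHEMES, ALLOWED_SUFFIXES, the CONSTRUCTED_DNS table and every host name and address in it are assumptions made for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Policy for a hypothetical "fetch this spreadsheet for me" endpoint.
# Both lists are assumptions for this example, not values from any project.
ALLOWED_SCHEMES = {"https"}
ALLOWED_SUFFIXES = (".csv", ".xlsx")

# Constructed DNS table so the example runs offline; real code uses
# default_resolver() below.
CONSTRUCTED_DNS = {
    "files.example.com": ["93.184.216.34"],
    "loopback-alias.example": ["127.0.0.2"],        # not 127.0.0.1, still loopback
    "metadata.example": ["169.254.169.254"],        # link-local metadata endpoint
    "mapped.example": ["::ffff:127.0.0.5"],         # loopback hidden inside IPv6
    "dual.example": ["93.184.216.34", "10.0.0.9"],  # one public and one private record
}


def default_resolver(host):
    """Every A/AAAA record for host; all of them must pass the check."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def constructed_resolver(host):
    """Offline resolver over CONSTRUCTED_DNS; IP literals resolve to themselves."""
    try:
        ipaddress.ip_address(host)
        return [host]
    except ValueError:
        pass
    if host not in CONSTRUCTED_DNS:
        raise socket.gaierror(f"constructed resolver has no entry for {host!r}")
    return CONSTRUCTED_DNS[host]


def address_is_internal(addr):
    """True for any address the deputy must never connect to on a caller's behalf."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:127.0.0.5 is loopback in an IPv6 coat: unwrap before testing.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_loopback covers the whole 127.0.0.0/8 (and ::1), not just 127.0.0.1.
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified
            or not ip.is_global)


def check_destination(url, resolver=default_resolver):
    """Return (True, addresses) if url may be fetched, else (False, reason).

    The caller should connect to one of the returned addresses (keeping the
    original host name for TLS/SNI and the Host header) rather than resolving
    the name a second time, so a DNS answer that changes between the check
    and the fetch gains the attacker nothing.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:          # rejects file:, data:, ftp:, gopher: ...
        return False, f"scheme {scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"
    # Test the suffix on the parsed path, never on the whole URL string:
    # "https://evil.example/?x=.csv" ends in .csv but its path is "/".
    if not parts.path.lower().endswith(ALLOWED_SUFFIXES):
        return False, f"path {parts.path!r} has no allowed suffix"
    try:
        addresses = resolver(host)
    except OSError as exc:                     # socket.gaierror is an OSError
        return False, f"cannot resolve {host!r}: {exc}"
    if not addresses:
        return False, f"{host!r} resolved to nothing"
    for addr in addresses:                     # every record must pass, not just the first
        if address_is_internal(addr):
            return False, f"{host!r} resolves to internal address {addr}"
    return True, addresses
```

Two design points. Every resolved record is checked because the attacker controls the zone and can mix a public record with a private one. And the check returns the vetted addresses so the fetch can be pinned to them; validating a name and then letting the HTTP client resolve it again is a time-of-check/time-of-use gap. The Axios entry below is about a NO_PROXY matcher rather than a fetch allowlist, but the same rule applies there: match the loopback range, not the single address.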

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-219 · CAPEC-465

CVEs mapped to this weakness (50)

page 2 of 3
  • CVE-2026-42043 · High · Apr 24, 2026
    risk 0.40 · cvss 7.2 · epss 0.00

    Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range (other than 127.0.0.1) to completely bypass the NO_PROXY protection. This…

  • CVE-2026-53999 · High · Jun 12, 2026
    risk 0.39 · cvss n/a · epss 0.00

    Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs). Summary: A configuration-validation issue in the Radius Kubernetes controller can cause it to issue a `DELETE` for the container resource referenced by a…

  • CVE-2026-3160 · Medium · May 14, 2026
    risk 0.38 · cvss 5.8 · epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter…

  • CVE-2025-25061 · Medium · Apr 4, 2025
    risk 0.38 · cvss 5.8 · epss 0.00

    Unintended proxy or intermediary ('Confused Deputy') issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack.

  • CVE-2026-39961 · Medium · Apr 9, 2026
    risk 0.37 · cvss 6.8 · epss 0.00

    Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database…

  • CVE-2026-27124 · Medium · Apr 3, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP…

  • CVE-2026-41365 · Medium · Apr 28, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering restrictions.

  • CVE-2026-9595 · Medium · Jun 15, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev…

  • CVE-2026-6993 · Medium · Apr 25, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in an unintended intermediary. The attack may be launched…

  • CVE-2020-8561 · Medium · Sep 20, 2021
    risk 0.27 · cvss 4.1 · epss 0.02

    A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view…

  • CVE-2026-45003 · Medium · May 11, 2026
    risk 0.26 · cvss 5.0 · epss 0.00

    OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files.

  • CVE-2026-44992 · Medium · May 11, 2026
    risk 0.26 · cvss 5.0 · epss 0.00

    OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAX_API_HOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in…

  • CVE-2026-48522 · Medium · May 28, 2026
    risk 0.20 · cvss 4.2 · epss 0.00

    PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There…

  • CVE-2025-48710 · Medium · Jun 4, 2025
    risk 0.20 · cvss 4.1 · epss 0.00

    kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled…

  • CVE-2021-25740 · Low · Sep 20, 2021
    risk 0.20 · cvss 3.1 · epss 0.02

    A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.

  • CVE-2018-1999038 · Medium · Aug 1, 2018
    risk 0.20 · cvss 4.2 · epss 0.00

    A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials.

  • CVE-2026-45182 · Low · May 9, 2026
    risk 0.14 · cvss 2.2 · epss 0.00

    GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let system_server transmit UDP traffic on its behalf. This occurs when the "Block…

  • CVE-2020-5412 · Aug 7, 2020
    risk 0.07 · cvss n/a · epss 0.10

    Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious…

  • CVE-2026-53931 · Jun 17, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Summary: The spreadsheet-import endpoint `axiosRequestMake` could be used as a generic HTTP proxy. Before the fix it was reachable unauthenticated, and its URL-extension allowlist was a regex tested against the full URL string, so URLs whose query string ended in `.csv` (for…

  • CVE-2026-50169 · Jun 15, 2026
    risk 0.00 · cvss n/a · epss 0.00

    An issue in the `@angular/service-worker` package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new `Request` object using an internal…
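
Several entries above (CVE-2026-39961, CVE-2025-48710, CVE-2026-53999, CVE-2020-8561) are the controller flavour of the weakness: a component holding cluster-wide or otherwise privileged credentials follows a reference that a tenant wrote into its own object, and in doing so lends the tenant its authority over namespaces and resources the tenant cannot touch directly. The following is an added example in Python, not code from Aiven Operator, kro, Radius or Kubernetes: a toy reconciler against an in-memory stand-in for the API server, showing the unscoped read that leaks another namespace's secret beside the scoped read, and a delete that additionally requires the target to have been created for the requesting object. The object kinds, namespaces, names, owner strings and secret values are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional


class ScopeViolation(PermissionError):
    """A tenant object tried to steer the controller outside that tenant's scope."""


@dataclass(frozen=True)
class ObjectRef:
    """Reference a tenant writes into its own resource; every field is untrusted."""
    kind: str
    name: str
    namespace: Optional[str] = None


@dataclass
class Obj:
    kind: str
    name: str
    namespace: str
    owner: Optional[str] = None      # "namespace/name" of the object it was created for
    data: dict = field(default_factory=dict)


def key(obj):
    return f"{obj.namespace}/{obj.name}"


class ConstructedApiServer:
    """Stand-in for the API server. The controller's credential is cluster-wide, so
    every get/delete succeeds whatever namespace is named; scoping has to happen
    in the controller, before the privileged call is made."""

    def __init__(self, objects):
        self._objs = {(o.kind, o.namespace, o.name): o for o in objects}
        self.deleted = []

    def get(self, kind, namespace, name):
        return self._objs[(kind, namespace, name)]

    def delete(self, kind, namespace, name):
        self.deleted.append((kind, namespace, name))
        self._objs.pop((kind, namespace, name), None)


def read_secret_unscoped(api, cr, ref):
    """VULNERABLE: the namespace in the tenant's reference is used as written, so
    the controller's cluster-wide read is lent to the tenant."""
    return api.get("Secret", ref.namespace or cr.namespace, ref.name).data


def read_secret_scoped(api, cr, ref):
    """Hardened: the requesting object's own namespace bounds what is read."""
    if ref.namespace not in (None, cr.namespace):
        raise ScopeViolation(f"{key(cr)} may not reference {ref.namespace}/{ref.name}")
    return api.get("Secret", cr.namespace, ref.name).data


def delete_child_scoped(api, cr, ref):
    """Hardened delete: same namespace, and the target must have been created for cr.
    Namespace alone is not enough once several requesters share one namespace."""
    if ref.namespace not in (None, cr.namespace):
        raise ScopeViolation(f"{key(cr)} may not reference {ref.namespace}/{ref.name}")
    target = api.get(ref.kind, cr.namespace, ref.name)
    if target.owner != key(cr):
        raise ScopeViolation(f"{key(target)} belongs to {target.owner}, not {key(cr)}")
    api.delete(ref.kind, cr.namespace, ref.name)
    return key(target)


def blocked(fn, api, cr, ref):
    """True if the scoped operation refuses the reference."""
    try:
        fn(api, cr, ref)
    except ScopeViolation:
        return True
    return False


def demo():
    """Constructed cluster: a production namespace, one tenant, a controller that sees all."""
    api = ConstructedApiServer([
        Obj("Secret", "db-creds", "prod", data={"password": "prod-hunter2"}),
        Obj("Secret", "my-creds", "tenant-a", data={"password": "a-secret"}),
        Obj("Container", "web", "tenant-a", owner="tenant-a/app-a"),
        Obj("Container", "worker", "tenant-a", owner="tenant-a/app-b"),
    ])
    cr = Obj("App", "app-a", "tenant-a")          # the tenant's own resource
    return {
        "unscoped_leaks_prod": read_secret_unscoped(api, cr, ObjectRef("Secret", "db-creds", "prod")),
        "scoped_blocks_prod": blocked(read_secret_scoped, api, cr, ObjectRef("Secret", "db-creds", "prod")),
        "scoped_reads_own": read_secret_scoped(api, cr, ObjectRef("Secret", "my-creds")),
        "delete_blocks_foreign_child": blocked(delete_child_scoped, api, cr, ObjectRef("Container", "worker")),
        "delete_own_child": delete_child_scoped(api, cr, ObjectRef("Container", "web")),
        "deleted": api.deleted,
    }
```

The point of the design is where the decision is taken: the fake API server never refuses anything, exactly as a controller running under a cluster-wide role would experience the real one, so the only place the tenant's authority can be enforced is in the reconciler, using the namespace and identity of the object that asked rather than the credential the controller happens to hold. Using the ownership check for destructive operations as well as the namespace check is what keeps an injected annotation on one object from deleting a neighbour in the same namespace.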