VYPR

CWE-441

Unintended Proxy or Intermediary ('Confused Deputy')

Class · Draft

Description

The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-219 · CAPEC-465

CVEs mapped to this weakness (50)

  • CVE-2026-45723 · low · Jun 5, 2026 · risk 0.00 · cvss n/a · epss 0.00

    Summary: `managementServer.CreateSchematic` (`internal/backend/grpc/schematics.go`) passes the caller-controlled `TalosVersion` field directly to `imageFactoryClient.OverlaysVersions`, which embeds it verbatim into a `fmt.Sprintf("/version/%s/overlays/official",…

  • CVE-2026-47122 · May 29, 2026 · risk 0.00 · cvss n/a · epss 0.00

    Summary: AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection. Details: `Autoupdate/AppInstaller.m`'s `shouldAcceptNewConnection:` only enforces `SUCodeSigningVerifier validateConnection:` before stage 1…

  • CVE-2026-33768 · Mar 24, 2026 · risk 0.00 · cvss n/a · epss 0.00

    Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and x_astro_path query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets…

  • CVE-2026-30225 · Mar 6, 2026 · risk 0.00 · cvss n/a · epss 0.00

    OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low-privileged authenticated user to execute actions they are not permitted to run. RestartAction…

  • CVE-2026-28466 · Mar 5, 2026 · risk 0.00 · cvss n/a · epss 0.00

    OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in node.invoke parameters, allowing authenticated clients to bypass exec approval gating for system.run commands. Attackers with valid gateway…

  • CVE-2026-24470 · Jan 26, 2026 · risk 0.00 · cvss n/a · epss 0.00

    Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network…

  • CVE-2025-68944 · Dec 26, 2025 · risk 0.00 · cvss n/a · epss 0.00

    Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.

  • CVE-2025-66415 · Dec 1, 2025 · risk 0.00 · cvss n/a · epss 0.00

    fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from.…

  • CVE-2025-61780 · Oct 10, 2025 · risk 0.00 · cvss n/a · epss 0.00

    Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially crafted headers could…

  • CVE-2024-34068 · May 3, 2024 · risk 0.00 · cvss n/a · epss 0.00

    Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control (GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in…