Skip to main content

Anubis CVE-2026-62314

MEDIUM
Improper Access Control (CWE-284)
2026-07-15 GitHub_M
5.8
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
5.8 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
vuln.today AI
5.8 MEDIUM

Network exploitable via single HTTP header (AV:N/AC:L/PR:N/UI:N); scope changes because bypass exposes upstream systems beyond Anubis; confidentiality limited to indirect upstream access (C:L), no integrity or availability impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
Jul 15, 2026 - 22:10 vuln.today
Analysis Generated
Jul 15, 2026 - 22:10 vuln.today

DescriptionCVE.org

Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. From 1.22.0 until 1.26.0-pre1, lib/policy/checker.go PathChecker.Check() trusted the client-controlled X-Original-URI header before matching r.URL.Path, allowing an HTTP client to match default data/common/keep-internet-working.yaml ALLOW rules such as ^/\.well-known/.*$ and bypass the Anubis challenge. This issue is fixed in version 1.26.0-pre1.

AnalysisAI

Challenge bypass in Anubis Web AI Firewall (versions 1.22.0 through pre-1.26.0-pre1) allows unauthenticated remote HTTP clients to circumvent bot-challenge enforcement by supplying a crafted X-Original-URI header. PathChecker.Check() in lib/policy/checker.go unconditionally trusted this client-controlled header over the actual request path, enabling any client to match default ALLOW rules (e.g., ^/\.well-known/.*$) and reach upstream resources without completing the Anubis challenge. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Send HTTP request with crafted X-Original-URI header
Delivery
PathChecker reads client-controlled header unconditionally
Exploit
Header path matches default ALLOW rule (e.g., /.well-known/)
Execution
Bot challenge skipped by policy engine
Persist
Request forwarded to upstream resource
Impact
Attacker scrapes or interacts with protected upstream

Vulnerability AssessmentAI

Exploitation Exploitation requires that Anubis is deployed as an HTTP intermediary (reverse proxy or subrequest auth endpoint) accessible to the attacker over the network, and that the target deployment uses the default data/common/keep-internet-working.yaml policy or any other policy containing ALLOW rules with path regex patterns the attacker can match via a crafted header value (e.g., ^/\.well-known/.*$, ^/robots\.txt$). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 3.1 score of 5.8 (Medium) with vector AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N accurately characterizes the real-world risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker targeting a site protected by Anubis sends an HTTP GET request to any Anubis-guarded endpoint and includes the header X-Original-URI: /.well-known/acme-challenge/bypass. Anubis reads the client-supplied header, evaluates the path against the default ALLOW rules in keep-internet-working.yaml, matches the ^/\.well-known/.*$ pattern, and forwards the request to the upstream resource without issuing a bot challenge. …
Remediation Upgrade Anubis to version 1.26.0-pre1 or later, available at https://github.com/TecharoHQ/anubis/releases/tag/v1.26.0-pre1. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-62314 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy