Skip to main content

CWE-302

Authentication Bypass by Assumed-Immutable Data

32 CVEs Avg CVSS 7.6 MITRE
6
CRITICAL
14
HIGH
12
MEDIUM
0
LOW
4
POC
0
KEV

Monthly

CVE-2026-47303 HIGH PATCH Exploit Unlikely This Week

Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged network attacker bypass authentication controls by tampering with data the framework wrongly assumes to be immutable (CWE-302). Microsoft reported and patched the flaw; there is no public exploit identified at time of analysis and it is not on CISA KEV. At CVSS 8.8 with PR:L, an authorized user can escalate to higher privileges over the network.

Authentication Bypass Net 10 0 Net 8 0 Net 9 0 Microsoft Visual Studio 2022 Version 17 12 +2
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-48781 CRITICAL PATCH Act Now

Privilege escalation to SUPERADMIN in Postiz (gitroomhq/postiz-app) versions prior to 2.21.8 allows any authenticated user to forge session JWTs and impersonate arbitrary organizations. The Skool integration callback signed an attacker-controlled JSON blob into a session-shape JWT using the application's JWT_SECRET, and the auth middleware blindly trusted every claim without re-resolving the user from the database. No public exploit identified at time of analysis, but the fix commit is public and the root cause is trivially reproducible from the patch diff.

Information Disclosure Postiz App
NVD GitHub
CVSS 3.1
9.9
EPSS
0.3%
CVE-2026-34460 MEDIUM PATCH This Month

OAuth login CSRF in NamelessMC 2.2.4 and prior enables session swapping by exploiting the absence of server-side state parameter validation during OAuth callback handling. An unauthenticated attacker (PR:N) who controls their own OAuth-linked account can capture a valid callback URL and socially engineer a victim (UI:R) into navigating to it, causing the victim's browser session to become authenticated as the attacker's account - effectively hijacking the victim's logged-in state. No public exploit has been identified and this is not listed in the CISA KEV catalog, but the patch to version 2.2.5 is confirmed via GitHub Security Advisory GHSA-pmpw-2xvh-5xj6.

CSRF Nameless
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-43992 MEDIUM PATCH This Month

Authentication bypass in Dell ECS Geo replication (versions 3.8.1.0-3.8.1.7) and Dell ObjectScale (prior to 4.3.0.0) allows unauthenticated remote attackers to access data in transit by exploiting assumed-immutable data assumptions. The vulnerability affects the replication authentication mechanism, enabling unauthorized data exposure without requiring valid credentials or user interaction.

Dell Authentication Bypass
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2026-28510 MEDIUM This Month

Multi-factor authentication bypass in eLabFTW through version 5.4.1 allows attackers with valid primary credentials to complete login using an attacker-controlled TOTP secret, circumventing the second factor requirement and gaining unauthorized account access. The vulnerability stems from inconsistent MFA state preservation across authentication steps. This issue is patched in version 5.4.2.

Authentication Bypass Elabftw
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-27840 Go MEDIUM PATCH This Month

Zitadel versions 2.31.0 through 3.4.6 and 4.10.x accept truncated opaque OIDC access tokens as valid when shortened to 80 characters, allowing attackers to bypass token validation and gain unauthorized access to protected resources. This affects deployments using the v2 token format where the symmetric encryption scheme fails to properly validate token length, enabling token forgery or reuse attacks.

Information Disclosure Zitadel Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-45370 HIGH This Week

An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability.

Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-8855 HIGH This Week

Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-46647 MEDIUM PATCH This Month

CVE-2025-46647 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Apache Information Disclosure Apisix
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-29813 CRITICAL Act Now

Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Azure Devops
NVD
CVSS 3.1
10.0
EPSS
1.8%
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged network attacker bypass authentication controls by tampering with data the framework wrongly assumes to be immutable (CWE-302). Microsoft reported and patched the flaw; there is no public exploit identified at time of analysis and it is not on CISA KEV. At CVSS 8.8 with PR:L, an authorized user can escalate to higher privileges over the network.

Authentication Bypass Net 10 0 Net 8 0 +4
NVD
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Privilege escalation to SUPERADMIN in Postiz (gitroomhq/postiz-app) versions prior to 2.21.8 allows any authenticated user to forge session JWTs and impersonate arbitrary organizations. The Skool integration callback signed an attacker-controlled JSON blob into a session-shape JWT using the application's JWT_SECRET, and the auth middleware blindly trusted every claim without re-resolving the user from the database. No public exploit identified at time of analysis, but the fix commit is public and the root cause is trivially reproducible from the patch diff.

Information Disclosure Postiz App
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

OAuth login CSRF in NamelessMC 2.2.4 and prior enables session swapping by exploiting the absence of server-side state parameter validation during OAuth callback handling. An unauthenticated attacker (PR:N) who controls their own OAuth-linked account can capture a valid callback URL and socially engineer a victim (UI:R) into navigating to it, causing the victim's browser session to become authenticated as the attacker's account - effectively hijacking the victim's logged-in state. No public exploit has been identified and this is not listed in the CISA KEV catalog, but the patch to version 2.2.5 is confirmed via GitHub Security Advisory GHSA-pmpw-2xvh-5xj6.

CSRF Nameless
NVD GitHub
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Authentication bypass in Dell ECS Geo replication (versions 3.8.1.0-3.8.1.7) and Dell ObjectScale (prior to 4.3.0.0) allows unauthenticated remote attackers to access data in transit by exploiting assumed-immutable data assumptions. The vulnerability affects the replication authentication mechanism, enabling unauthorized data exposure without requiring valid credentials or user interaction.

Dell Authentication Bypass
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Multi-factor authentication bypass in eLabFTW through version 5.4.1 allows attackers with valid primary credentials to complete login using an attacker-controlled TOTP secret, circumventing the second factor requirement and gaining unauthorized account access. The vulnerability stems from inconsistent MFA state preservation across authentication steps. This issue is patched in version 5.4.2.

Authentication Bypass Elabftw
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Zitadel versions 2.31.0 through 3.4.6 and 4.10.x accept truncated opaque OIDC access tokens as valid when shortened to 80 characters, allowing attackers to bypass token validation and gain unauthorized access to protected resources. This affects deployments using the v2 token format where the symmetric encryption scheme fails to properly validate token length, enabling token forgery or reuse attacks.

Information Disclosure Zitadel Suse
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability.

Authentication Bypass
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

CVE-2025-46647 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Apache Information Disclosure Apisix
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Azure Devops
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy