Skip to main content

CWE-424

Improper Protection of Alternate Path

28 CVEs Avg CVSS 6.6 MITRE
3
CRITICAL
10
HIGH
14
MEDIUM
1
LOW
5
POC
1
KEV

Monthly

CVE-2026-54423 HIGH PATCH This Week

Access-control bypass in OpenStack Ironic before 37.0.1 lets an Ironic user who is authorized to deploy nodes via the IPMI management interface invoke the send_raw deploy step to issue arbitrary IPMI commands directly to a node's BMC, sidestepping the permission model Ironic normally enforces on management actions. This is an authenticated privilege-boundary flaw (CVSS 8.2, PR:H) affecting bare-metal provisioning environments; no public exploit code has been identified and it is not listed in CISA KEV at time of analysis.

Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2026-0268 MEDIUM PATCH This Month

Security control bypass in Palo Alto Networks Prisma Access Agent for Linux enables a local, low-privileged attacker to route network traffic outside the VPN tunnel, undermining the core data-in-transit protection the agent is designed to enforce. Only Linux deployments are affected - Windows, macOS, iOS, Android, and ChromeOS are explicitly not impacted. No public exploit code exists at time of analysis and this vulnerability is not listed in the CISA KEV catalog, but the CVSS 4.0 confidentiality impact is rated High due to the exposure of unencrypted traffic to untrusted network paths.

Authentication Bypass Microsoft Google Apple Prisma Access Agent
NVD VulDB
CVSS 4.0
4.4
EPSS
0.0%
CVE-2026-0237 HIGH PATCH This Week

Local privilege escalation in Palo Alto Networks Prisma Browser on macOS allows a locally authenticated non-admin user to access an internal automation bridge that was insufficiently restricted, enabling unauthorized commands to be sent to the browser and bypassing built-in security controls. The flaw is tracked as CVE-2026-0237 with a CVSS 4.0 score of 7.3 and no public exploit identified at time of analysis, though SSVC rates the technical impact as total.

Apple Paloalto Authentication Bypass Prisma Browser
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-4913 MEDIUM This Month

Ivanti Neurons for ITSM before version 2025.4 allows authenticated attackers to retain access to disabled accounts via an unprotected alternate authentication path, enabling persistent unauthorized information disclosure. The vulnerability affects both on-premise and cloud deployments and requires user interaction (UI:R), limiting but not eliminating real-world risk in multi-user environments where account disablement is a critical security control.

Information Disclosure Ivanti
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2026-4270 PyPI MEDIUM PATCH This Month

AWS API MCP Server versions 0.2.14 through 1.3.9 contain an improper path protection flaw in the no-access and workdir features that allows local attackers to bypass file access restrictions and read arbitrary files accessible to the MCP client application. An attacker with local access and user interaction can exploit this vulnerability to expose sensitive local file contents. Users should upgrade to version 1.3.9 or later to remediate this issue.

Authentication Bypass Aws Api Mcp Server
NVD GitHub VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-4617 LOW Monitor

An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the. Rated low severity (CVSS 1.1), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Microsoft Authentication Bypass Windows
NVD
CVSS 4.0
1.1
EPSS
0.0%
CVE-2025-49163 MEDIUM This Month

CVE-2025-49163 is a security vulnerability (CVSS 6.7) that allows booting an arbitrary image. Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-49162 MEDIUM This Month

CVE-2025-49162 is a security vulnerability (CVSS 6.4) that allows file overwrite. Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-48828 CRITICAL POC THREAT Emergency

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 running on PHP 8.1 or later allow unauthenticated access to protected API controllers. The /api.php endpoint fails to properly enforce method visibility on PHP 8.1+, enabling attackers to invoke internal API methods that should be restricted, as exploited in the wild in May 2025.

PHP RCE Vbulletin
NVD
CVSS 3.1
9.0
EPSS
73.7%
Threat
5.5
CVE-2025-48827 CRITICAL POC THREAT Emergency

vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 are vulnerable to remote code execution through crafted template conditional expressions. Attackers abuse PHP's alternative function invocation syntax to bypass template engine security checks and execute arbitrary PHP code, as actively exploited in the wild in May 2025.

Information Disclosure PHP Vbulletin
NVD
CVSS 3.1
10.0
EPSS
69.4%
Threat
5.6
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Access-control bypass in OpenStack Ironic before 37.0.1 lets an Ironic user who is authorized to deploy nodes via the IPMI management interface invoke the send_raw deploy step to issue arbitrary IPMI commands directly to a node's BMC, sidestepping the permission model Ironic normally enforces on management actions. This is an authenticated privilege-boundary flaw (CVSS 8.2, PR:H) affecting bare-metal provisioning environments; no public exploit code has been identified and it is not listed in CISA KEV at time of analysis.

Authentication Bypass
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Security control bypass in Palo Alto Networks Prisma Access Agent for Linux enables a local, low-privileged attacker to route network traffic outside the VPN tunnel, undermining the core data-in-transit protection the agent is designed to enforce. Only Linux deployments are affected - Windows, macOS, iOS, Android, and ChromeOS are explicitly not impacted. No public exploit code exists at time of analysis and this vulnerability is not listed in the CISA KEV catalog, but the CVSS 4.0 confidentiality impact is rated High due to the exposure of unencrypted traffic to untrusted network paths.

Authentication Bypass Microsoft Google +2
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local privilege escalation in Palo Alto Networks Prisma Browser on macOS allows a locally authenticated non-admin user to access an internal automation bridge that was insufficiently restricted, enabling unauthorized commands to be sent to the browser and bypassing built-in security controls. The flaw is tracked as CVE-2026-0237 with a CVSS 4.0 score of 7.3 and no public exploit identified at time of analysis, though SSVC rates the technical impact as total.

Apple Paloalto Authentication Bypass +1
NVD VulDB
EPSS 0% CVSS 5.7
MEDIUM This Month

Ivanti Neurons for ITSM before version 2025.4 allows authenticated attackers to retain access to disabled accounts via an unprotected alternate authentication path, enabling persistent unauthorized information disclosure. The vulnerability affects both on-premise and cloud deployments and requires user interaction (UI:R), limiting but not eliminating real-world risk in multi-user environments where account disablement is a critical security control.

Information Disclosure Ivanti
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

AWS API MCP Server versions 0.2.14 through 1.3.9 contain an improper path protection flaw in the no-access and workdir features that allows local attackers to bypass file access restrictions and read arbitrary files accessible to the MCP client application. An attacker with local access and user interaction can exploit this vulnerability to expose sensitive local file contents. Users should upgrade to version 1.3.9 or later to remediate this issue.

Authentication Bypass Aws Api Mcp Server
NVD GitHub VulDB
EPSS 0% CVSS 1.1
LOW Monitor

An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the. Rated low severity (CVSS 1.1), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Microsoft Authentication Bypass +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

CVE-2025-49163 is a security vulnerability (CVSS 6.7) that allows booting an arbitrary image. Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

CVE-2025-49162 is a security vulnerability (CVSS 6.4) that allows file overwrite. Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
EPSS 74% 5.5 CVSS 9.0
CRITICAL POC THREAT Emergency

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 running on PHP 8.1 or later allow unauthenticated access to protected API controllers. The /api.php endpoint fails to properly enforce method visibility on PHP 8.1+, enabling attackers to invoke internal API methods that should be restricted, as exploited in the wild in May 2025.

PHP RCE Vbulletin
NVD
EPSS 69% 5.6 CVSS 10.0
CRITICAL POC THREAT Emergency

vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 are vulnerable to remote code execution through crafted template conditional expressions. Attackers abuse PHP's alternative function invocation syntax to bypass template engine security checks and execute arbitrary PHP code, as actively exploited in the wild in May 2025.

Information Disclosure PHP Vbulletin
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy