Skip to main content

CWE-551

Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

7 CVEs Avg CVSS 8.1 MITRE
2
CRITICAL
4
HIGH
1
MEDIUM
0
LOW
2
POC
0
KEV

Monthly

CVE-2026-57920 HIGH PATCH HOSTED Monitor

{orgId} REST endpoints they should not be able to access by appending a semicolon to the request path. With a scope-changing CVSS of 7.7 and confidentiality impact, a low-privileged tenant could read data belonging to other organizations managed by the same platform. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Incontrol
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2026-4636 Maven HIGH PATCH GHSA This Week

Authenticated users with uma_protection role in Red Hat Keycloak can bypass User-Managed Access policy validation to gain unauthorized access to victim-owned resources. The vulnerability (confirmed actively exploited - CISA KEV) enables attackers to inject arbitrary resource identifiers during policy creation, obtaining Requesting Party Tokens for resources they do not own. With CVSS 8.1 (High), network-accessible attack vector, and low complexity, this represents a significant access control bypass in enterprise identity management deployments. EPSS data and public exploit status not confirmed from available data.

Information Disclosure Red Hat Build Of Keycloak
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2016-20030 CRITICAL POC Act Now

User enumeration vulnerability in ZKTeco ZKBioSecurity 3.0 that allows unauthenticated attackers to discover valid usernames through partial character submissions to the authentication endpoint. A public proof-of-concept exploit is available, making this vulnerability actively exploitable, though it has a notably high CVSS score of 9.8 that appears inflated given the actual impact is limited to information disclosure.

Information Disclosure Zkteco Zkbiosecurity
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-0707 Maven MEDIUM PATCH This Month

Keycloak's Authorization header parser improperly tolerates non-RFC 6750 compliant formatting, including tabs and case variations in Bearer token authentication. This lax validation could enable attackers to bypass authentication mechanisms or manipulate token validation logic in applications relying on strict Bearer token parsing. No patch is currently available for this medium-severity vulnerability.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2023-23924 PHP CRITICAL POC PATCH Act Now

Dompdf is an HTML to PDF converter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Deserialization Dompdf
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2021-32779 HIGH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
8.3
EPSS
0.9%
CVE-2021-32777 HIGH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
8.3
EPSS
3.3%
EPSS 0% CVSS 7.7
HIGH PATCH HOSTED Monitor

{orgId} REST endpoints they should not be able to access by appending a semicolon to the request path. With a scope-changing CVSS of 7.7 and confidentiality impact, a low-privileged tenant could read data belonging to other organizations managed by the same platform. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Incontrol
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Authenticated users with uma_protection role in Red Hat Keycloak can bypass User-Managed Access policy validation to gain unauthorized access to victim-owned resources. The vulnerability (confirmed actively exploited - CISA KEV) enables attackers to inject arbitrary resource identifiers during policy creation, obtaining Requesting Party Tokens for resources they do not own. With CVSS 8.1 (High), network-accessible attack vector, and low complexity, this represents a significant access control bypass in enterprise identity management deployments. EPSS data and public exploit status not confirmed from available data.

Information Disclosure Red Hat Build Of Keycloak
NVD
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

User enumeration vulnerability in ZKTeco ZKBioSecurity 3.0 that allows unauthenticated attackers to discover valid usernames through partial character submissions to the authentication endpoint. A public proof-of-concept exploit is available, making this vulnerability actively exploitable, though it has a notably high CVSS score of 9.8 that appears inflated given the actual impact is limited to information disclosure.

Information Disclosure Zkteco Zkbiosecurity
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Keycloak's Authorization header parser improperly tolerates non-RFC 6750 compliant formatting, including tabs and case variations in Bearer token authentication. This lax validation could enable attackers to bypass authentication mechanisms or manipulate token validation logic in applications relying on strict Bearer token parsing. No patch is currently available for this medium-severity vulnerability.

Information Disclosure
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

Dompdf is an HTML to PDF converter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Deserialization +1
NVD GitHub
EPSS 1% CVSS 8.3
HIGH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
EPSS 3% CVSS 8.3
HIGH This Week

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy