Authentication Bypass
Authentication bypass attacks exploit flaws in the verification mechanisms that control access to systems and applications.
How It Works
Authentication bypass attacks exploit flaws in the verification mechanisms that control access to systems and applications. Instead of cracking passwords through brute force, attackers manipulate the authentication process itself to gain unauthorized entry. This typically occurs through one of several pathways: exploiting hardcoded credentials embedded in source code or configuration files, manipulating parameters in authentication requests to skip verification steps, or leveraging broken session management that fails to properly validate user identity.
The attack flow often begins with reconnaissance to identify authentication endpoints and their underlying logic. Attackers may probe for default administrative credentials that were never changed, test whether certain URL paths bypass login requirements entirely, or intercept and modify authentication tokens to escalate privileges. In multi-step authentication processes, flaws in state management can allow attackers to complete only partial verification steps while still gaining full access.
More sophisticated variants exploit single sign-on (SSO) or OAuth implementations where misconfigurations in trust relationships allow attackers to forge authentication assertions. Parameter tampering—such as changing a "role=user" field to "role=admin" in a request—can trick poorly designed systems into granting elevated access without proper verification.
Impact
- Complete account takeover — attackers gain full control of user accounts, including administrative accounts, without knowing legitimate credentials
- Unauthorized data access — ability to view, modify, or exfiltrate sensitive information including customer data, financial records, and intellectual property
- System-wide compromise — admin-level access enables installation of backdoors, modification of security controls, and complete infrastructure takeover
- Lateral movement — bypassed authentication provides a foothold for moving deeper into networks and accessing additional systems
- Compliance violations — unauthorized access triggers breach notification requirements and regulatory penalties
Real-World Examples
CrushFTP suffered a critical authentication bypass allowing attackers to access file-sharing functionality without any credentials. The vulnerability enabled direct server-side template injection, leading to remote code execution on affected systems. Attackers actively exploited this in the wild to establish persistent access to enterprise file servers.
Palo Alto's Expedition migration tool contained a flaw permitting attackers to reset administrative credentials without authentication. This allowed complete takeover of the migration environment, potentially exposing network configurations and security policies being transferred between systems.
SolarWinds Web Help Desk (CVE-2024-28987) shipped with hardcoded internal credentials that could not be changed through normal administrative functions. Attackers discovering these credentials gained full administrative access to helpdesk systems containing sensitive organizational information and user data.
Mitigation
- Implement multi-factor authentication (MFA) — requires attackers to compromise additional verification factors beyond bypassed primary authentication
- Eliminate hardcoded credentials — use secure credential management systems and rotate all default credentials during deployment
- Enforce authentication on all endpoints — verify every request requires valid authentication; no "hidden" administrative paths should exist
- Implement proper session management — use cryptographically secure session tokens, validate on server-side, enforce timeout policies
- Apply principle of least privilege — limit damage by ensuring even authenticated users only access necessary resources
- Regular security testing — conduct penetration testing specifically targeting authentication logic and flows
Recent CVEs (31131)
Unauthorized configuration write in Dashy self-hosted dashboard (versions prior to 4.0.8) lets unauthenticated users or non-admin authenticated users overwrite the central config.yaml via the config-saving endpoint when the deployment uses OIDC authentication, bypassing configured permission controls. Successful abuse enables tampering with dashboard configuration and potential service disruption. No public exploit identified at time of analysis; not listed in CISA KEV.
Unauthorized access in Dell ThinOS 10 (versions prior to 2605_10.2100) stems from an obsolete UI feature (CWE-448) that a low-privileged local attacker can abuse to bypass authentication controls. With valid low-level local access to the thin-client, an attacker can leverage the leftover interface path to reach functionality or data they should not have, yielding high confidentiality, integrity, and availability impact per the CVSS 7.8 (High) rating. No public exploit identified at time of analysis; the flaw was reported by Dell and disclosed in advisory DSA-2026-300.
Local credential theft in the garminconnect Python library (versions <= 0.3.4) stems from writing its OAuth token store to disk without an explicit file mode, so under the default umask 022 the file garmin_tokens.json - containing the DI refresh token - is created world-readable (0o644). Any unprivileged co-tenant on a shared Linux or macOS host can read the token and exchange it at Garmin's OAuth endpoint for fresh access tokens, gaining persistent access to the victim's Garmin Connect account. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the fix in 0.3.5 is confirmed and the issue is trivially reproducible under default configuration.
Protection mechanism failure in Dell ThinOS 10 (versions prior to 2605_10.2100) allows an unauthenticated attacker with physical device access to bypass encryption controls and gain unauthorized read and write access to data stored on the thin client. The flaw, classified as CWE-693, indicates the encryption or authentication protection subsystem can be circumvented without any credentials, consistent with the Authentication Bypass tag and CVSS PR:N rating. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, though the physical access constraint limits but does not eliminate risk in environments with unattended or theft-prone thin clients.
mTLS authentication bypass in the Red Hat Ansible Automation Platform (AAP) Gateway Envoy proxy allows unauthenticated remote attackers to inject spoofed events into protected Event-Driven Ansible (EDA) event streams. The non-mTLS route to EDA event streams fails to strip the client-supplied Subject HTTP header even though the source defines requestHeadersToRemove for it, so an attacker can forge a Subject value matching a legitimate client certificate's Distinguished Name and impersonate an authenticated client. No public exploit identified at time of analysis; the issue is tracked by Red Hat (CWE-290, CVSS 8.2) but is not on CISA KEV and no EPSS score was provided.
Album ownership takeover in immich before 3.0.3 allows a user with shared-album editor access to escalate to full owner by abusing the PUT /albums/:id/user/:userId endpoint (CWE-863, Incorrect Authorization). Because the endpoint fails to enforce owner-only restrictions on role changes, an editor can demote the legitimate owner and promote themselves across two sequential requests, gaining deletion and member-eviction control over the album and its assets. Publicly available exploit code exists and a vendor patch (v3.0.3) has shipped, though it is not currently listed in CISA KEV.
Improper authorization in SpecterOps BloodHound through 9.4.0 lets any authenticated user tamper with the global custom-node graph schema by calling POST, PUT, and DELETE operations on the /api/v2/custom-nodes endpoints, which enforced only that a caller was logged in rather than that they held write permissions. Because custom node kinds are a shared, tenant-wide schema construct, a single low-privileged account can create, alter, or delete node types that affect every user and tenant on the instance. Publicly available exploit code exists and a vendor patch (commit 8f79035) is available; there is no CISA KEV listing, so exploitation is not confirmed as active.
Authorization bypass in FastGPT's workflow engine allows any authenticated platform user to invoke another user's private HTTP toolsets by crafting a workflow node ID in the form http-<victim_toolset_app_id>/<tool_name>. Affected versions span 4.14.17 through pre-4.15.0-beta5; the normal toolset access routes enforce ownership, but the workflow save path and the /api/v2/chat/completions runtime endpoint omit the same check, enabling cross-tenant tool execution. No public exploit code or CISA KEV listing exists at time of analysis; the AC:H vector reflects that exploitation requires prior knowledge of a victim's toolset app ID.
Broken object-level authorization in Kanboard through 1.2.52 lets any authenticated user who belongs to at least one project move, corrupt, or hide tasks in any other project on the same instance, including private projects they have no role on. The BoardAjaxController save() drag-and-drop endpoint checks the caller's role against the attacker-supplied project_id but never confirms the supplied task_id belongs to that project, and because task IDs are sequential integers shared instance-wide they are trivially enumerable. Publicly available exploit code exists and a vendor patch (commit 564cc30) is available, but this is not listed in CISA KEV and there is no public exploit identified as actively exploited in the wild.
MantisBT's REST and SOAP APIs fail to enforce the $g_set_status_threshold authorization gate, allowing any authenticated user holding the UPDATER role (the default update permission) to change an issue's workflow status to values that should require DEVELOPER-level access or higher. The vulnerability is confirmed patched in release 2.28.4 with no public exploit or KEV listing. Because UPDATER is the default role for ordinary authenticated contributors, this flaw is broadly reachable on any MantisBT instance where the API is accessible without further hardening of role assignments.
Unauthenticated information disclosure in GPUStack through version 2.2.1 lets remote attackers reach the worker port's unprotected /serveLogs and /debug endpoints to stream live inference logs - including user prompts and model completions - and to alter worker runtime configuration such as log levels and memory profiling output. Because the flaw is missing authentication (CWE-306) on network-exposed endpoints, exploitation requires no credentials and no user interaction; publicly available exploit code exists, though the issue is not listed in CISA KEV. VulnCheck reported it and the vendor fixed it in commit 4e20551.
Privilege escalation to administrator in MantisBT 2.28.3 and earlier lets a low-privileged or self-registered user impersonate any account, including the administrator, through the SOAP API's flawed mci_check_login() function. Because the function accepts any valid cookie_string without checking that it belongs to the supplied username, an attacker who knows a target username (e.g. 'administrator') and possesses their own MANTIS_STRING_COOKIE can authenticate as that user without a password. With self-registration enabled by default ($g_allow_signup = ON), this is exploitable from zero prior access, granting full read/write and destructive control over all projects, issues, and user data. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the underlying bug is trivially reliable.
Same-Origin Policy bypass in Lightpanda headless browser before 0.3.1 allows an attacker-controlled site to impersonate an arbitrary victim origin. Because origin computation searched for the '@' userinfo delimiter across the entire URL string rather than only the authority component, a URL like http://attacker.com/@victim.com/ was fetched from attacker.com yet treated as origin http://victim.com, breaking the fundamental web isolation boundary. No public exploit identified at time of analysis and not listed in CISA KEV, but the CVSS 9.3 rating and the trivial, deterministic nature of the parsing flaw make it a high-priority fix for any automation pipeline using Lightpanda.
Privilege escalation via improper access control in Cisco RoomOS software allows an authenticated attacker with low-level privileges to gain full control over affected collaboration endpoints, with high impact to confidentiality, integrity, and availability. The issue was discovered internally by Cisco's RoomOS engineering team during a proactive security review and is one of several access-control weaknesses grouped under CVE-2026-20150 and resolved in a single hardening release. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
File Browser prior to 2.63.17 retains stale public directory share records after a shared directory is deleted via a trailing-slash path, because the Bolt storage backend queries for shares using the unnormalized path before trimming the slash - causing the exact-match share record (stored as '/a') to be missed by a query against '/a/'. If the directory is subsequently recreated at the same path, any holder of the original share URL immediately gains unauthorized read access to the new directory contents. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Server-side template injection in Frappe ERPNext (versions before 15.111.0 and 16.22.0) lets an authenticated user holding only a standard operational role inject a malicious template payload into a configuration field, causing the server to render it and disclose data the user is not authorized to see. Because the flaw is rooted in an authorization failure (CWE-863), it effectively bypasses ERPNext's role/permission boundaries. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a fixed release is available from the vendor.
Account takeover in Penpot before 2.14.5 allows an authenticated registered user to hijack any non-blocked profile without knowing its password. The flaw chains three defects: create-team-invitations leaks invitation tokens, prepare-register-profile embeds an existing profile's id into the prepared-register JWE, and register-profile then mints a session on an invitation email match while skipping password verification (CWE-287). No public exploit has been identified, but the fix commit and PR diff are public and the CVSS base score is 9.9.
Authentication bypass (account takeover) in Vaultwarden before 1.36.0 allows an attacker who controls a federated identity provider identity to log in as an arbitrary local user by asserting that user's email address. The flaw exists because the SSO login flow validated the IdP 'email_verified' claim only during new-user creation, but skipped it when SSO_SIGNUPS_MATCH_EMAIL=true linked an incoming IdP identity to a pre-existing local account. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the fix is confirmed in release 1.36.0.
Vaultwarden's SSO discovery endpoint exposed real organization SSO metadata - including organizationIdentifier values - to unauthenticated requests for arbitrary email addresses, enabling organization enumeration and authentication workflow abuse. All Vaultwarden deployments prior to 1.36.0 with SSO enabled are affected; an attacker with network access could query the `/organizations/domain/sso/verified` endpoint with any email address to harvest real org names and identifiers, then leverage those identifiers to obtain a valid pre-validation JWT through the `prevalidate()` flow without legitimate credentials. No public exploit code is identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis.
Privilege escalation via OAuth scope enforcement bypass affects Cloudreve self-hosted file management versions 4.12.0 through 4.16.0, where access tokens are issued without the client_id claim. Because the JWT verifier keys scope loading on client_id, a holder of a legitimately-issued low-scope OAuth access token can invoke APIs requiring higher scopes - file, share, workflow, user setting, WebDAV account, and potentially admin - as the enforcement layer degrades to non-scoped session authentication. No public exploit identified at time of analysis, but the root cause is confirmed by the vendor's fix commit and advisory GHSA-vgj4-345g-jcf8, with the issue resolved in 4.16.1.
Path traversal via improper authorization in Cloudreve's WebDAV handler lets a scoped WebDAV account escape its configured root folder, reading and listing files anywhere the server process can reach, and - with a writable credential - creating, overwriting, moving, or deleting them. All versions prior to 4.16.1 are affected. No public exploit is identified at time of analysis and it is not listed in CISA KEV, though the flaw is straightforward to trigger once a low-privileged WebDAV credential is held.
Cross-tenant data disclosure in FastGPT 4.14.17 through 4.15.0-beta5 lets a low-privileged tenant user read another tenant's dataset content via the POST /api/core/chat/record/getCollectionQuote endpoint. The endpoint validates the caller's chat and collection context but fails to bind the initialId center-node lookup to that authorized context, so an attacker supplying a foreign dataset data id as initialId (while using their own valid appId, chatId, chatItemDataId, and collectionId) receives the victim tenant's dataset quote or full-text content. This is an authenticated (PR:L) authorization flaw with no public exploit identified at time of analysis and no CISA KEV listing; EPSS data was not provided.
Authentication bypass in FastGPT 4.15.0-beta4 lets unauthenticated remote attackers forge JWTs and access internal plugin reverse-call endpoints, because /api/invoke/* trusts tokens signed with INVOKE_TOKEN_SECRET whose default value is the literal string 'token' and which official deployment templates never set. By self-signing an HS256 JWT, an attacker can call /api/invoke/userInfo to read cross-tenant user PII via arbitrary tmbId values, or /api/invoke/fileUpload to write attacker-controlled content into chat files. No public exploit identified at time of analysis and not listed in CISA KEV, but the trivial exploitation and hardcoded-secret root cause make this high priority for self-hosted deployments.
Server-side request forgery leading to code execution in Cursor's browser-enabled Cloud Agent lets attacker-controlled web content reach an unauthenticated local agent endpoint from inside the sandbox, compromising the session. Affecting Cursor Cloud Agent sessions prior to the 03/31/2026 fix, an attacker who gets a browsing agent to load malicious content can run code in the sandbox and read repository contents, environment variables, credentials, and GitHub App access tokens scoped to that session. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the flaw is a missing-authentication (CWE-306) authentication-bypass class issue with high confidentiality, integrity, and availability impact to the affected session.
Authentication bypass in HKUDS LightRAG before 1.5.4 lets a remote unauthenticated attacker defeat X-API-Key protection when the server runs in the API-key-only profile (LIGHTRAG_API_KEY set, AUTH_ACCOUNTS unset). Because auth.py falls back to a public hardcoded DEFAULT_TOKEN_SECRET and /auth-status and /login freely mint guest JWTs, combined_dependency honored a guest token before ever checking the API key, exposing document read/upload/delete, graph mutation, and query endpoints. No public exploit is identified at time of analysis, but the underlying fix (PR #3319) ships a regression test showing that forging a valid guest token with the default secret is trivial; fixed in 1.5.4.
Missing authorization on device receiver endpoints in ICU Scandinavia Boomerang exposes facility and quality-assurance installations to unauthenticated read and write access over adjacent networks. Any attacker with network adjacency can retrieve complete facility configurations and inject arbitrary data into the sensor database without supplying credentials, violating both confidentiality and integrity of operational sensor records. No public exploit has been identified at time of analysis, but CERT-PL's coordinated disclosure and a vendor-confirmed patch in version 2.4.18.029 indicate a concrete, addressable risk for organizations running unpatched deployments.
Privilege escalation in CRI-O (the OCI container runtime used by Red Hat OpenShift Container Platform 4 and many Kubernetes clusters) lets an attacker who can set container environment variables inject a newline into the HOME variable and append arbitrary lines to /etc/passwd, enabling creation of a rootful or otherwise privileged account inside the container. It is a bypass of the incomplete fix for CVE-2022-4318, whose HOME sanitization was insufficient. No public exploit identified at time of analysis and it is not listed in CISA KEV.
ImageMagick's `-script` operation bypasses the configured security policy file path restrictions in versions before 7.1.2-26 (7.x branch) and before 6.9.13-51 (6.9.13-x branch), enabling a local attacker with low privileges to read files from paths explicitly denied by the security policy. The CVSS 4.0 score of 4.8 reflects the local-only attack surface, low-privilege requirement, and confidentiality-only impact with no code execution possible. No public exploit code has been identified and this vulnerability is not confirmed actively exploited (CISA KEV).
Denial of service in Grav CMS 2.0.1 lets a trusted package source or admin-level uploader bypass the newly added decompression-bomb size cap and exhaust disk space or inodes on the host. The 2.0.1 cap trusts the attacker-forgeable uncompressed size declared in each ZIP central-directory entry rather than the actual inflated stream, so a crafted archive declaring tiny sizes slips past the check while extraction writes the real, far larger payload. This is an incomplete fix for GHSA-928x-9mpw-8h56, corrected in 2.0.2; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Broken authorization in PraisonAI Platform before 0.1.9 lets any authenticated workspace member modify shared label taxonomy and issue-label associations they should not control, renaming and recoloring shared labels and adding or removing labels on issues created by owners or admins. The flaw (CWE-862, missing authorization) stems from label PATCH and issue-label POST/DELETE endpoints trusting workspace membership without enforcing owner/admin role checks. Reported by VulnCheck with a vendor patch available; there is no public exploit identified at time of analysis and it is not in CISA KEV.
Webhook signature-verification bypass in PraisonAI before 4.6.78 lets unauthenticated attackers forge Svix 'message.received' events when the framework runs in AgentMail webhook mode. Because incoming payloads are trusted without validating the Svix signature (CWE-287), an attacker can POST crafted JSON to the webhook endpoint and cause configured agents to process attacker-chosen sender addresses and message bodies. A vendor patch exists (4.6.78); there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Authentication bypass in PraisonAI before 4.6.78 lets a remote, unauthenticated attacker reach the Call API agent-invocation endpoints when the deployment runs with PRAISONAI_CALL_AUTH=disabled. Because the localhost-only safeguard derives the bind host from the client-supplied HTTP Host header, an attacker on the network can send a spoofed 'Host: 127.0.0.1' header to defeat the restriction and both enumerate and invoke registered agents. Vendor patch is available (reported by VulnCheck); no public exploit identified at time of analysis and it is not listed in CISA KEV.
PraisonAI's tool approval caching mechanism in versions before 1.6.78 allows an attacker who influences an AI agent's behavior within a session to bypass human-in-the-loop oversight by reusing a single user-granted approval across tool calls with entirely different, unreviewed arguments. The flaw (CWE-863: Incorrect Authorization) directly undermines the security boundary that tool approval is designed to enforce, enabling arbitrary file write operations after approval of a benign operation. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA's KEV catalog; however, the CVSS 4.0 score of 6.9 with high integrity impact reflects meaningful risk for any deployment relying on tool approval as a control.
Permission bypass in n8n's external secrets handling allows authenticated low-privilege users to exfiltrate secrets they are not authorized to access by exploiting a mismatch between the platform's static validation layer and its runtime expression engine. Affected are all n8n instances running versions before 1.123.61 (1.x branch), 2.27.4, or 2.28.1 (2.x branch) that have both an external secrets provider and Advanced Permissions configured. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV, but the confidentiality impact is high for affected deployments given that secrets such as API keys and credentials may be fully exposed.
Unauthorized external secret disclosure in n8n before 2.28.1 allows authenticated project editors to read plaintext secret values from external secret managers by embedding references in workflow node expressions. The flaw bypasses the intended access control model: users with project editor roles - who are not granted explicit secrets access permissions - can nonetheless resolve and exfiltrate secrets via expression syntax. No public exploit or active exploitation has been identified, but the CVSS 4.0 vector assigns SC:H (high confidentiality impact on subsequent systems), reflecting that secrets stored in downstream vaults or secret managers are fully exposed to insufficiently privileged users.
Authentication bypass in the n8n Chat Trigger node allows unauthenticated network access to protected webhook endpoints when the node is explicitly configured with n8n User Auth - a non-default operator setting. Affected releases span all 1.x builds before 1.123.22, the entire 2.0.0-2.9.2 range, and 2.10.0. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; the CVSS 4.0 score of 6.3 with AT:P correctly reflects that real-world exposure is bounded by the non-default configuration prerequisite.
Input validation bypass in n8n's Guardrail node (versions before 2.10.0) allows end users interacting with affected workflows to circumvent AI safety guardrail instructions through crafted inputs, undermining workflow integrity. Any n8n deployment running a workflow that incorporates the Guardrail node is exposed; instances not using that node are entirely unaffected regardless of version. No public exploit code has been identified and this CVE does not appear in CISA KEV; a vendor-confirmed patch is available in n8n 2.10.0.
Cross-tenant record injection in Roskus Prospero Flow CRM before 5.14.0 allows any authenticated user to silently insert customer, lead, and product records into a competing company's tenant by manipulating the company_id field in an uploaded Excel spreadsheet. The three affected import handlers (CustomerImport, LeadImport, ProductImport) map company_id directly from the user-controlled file without verifying it matches the authenticated session's own company, collapsing the multi-tenant data isolation boundary. No public exploit has been identified at time of analysis; vendor-released patch v5.14.0 is available and confirmed.
Broken function-level authorization in Prospero Flow CRM before 5.5.3 lets any authenticated low-privileged user (e.g. the standard 'User'/'Usuario' role) read every bank account record belonging to their company via GET /api/bank-account. The API route is guarded only by auth:api with no permission gate — unlike the web equivalent, which enforces can('read bank') — so any valid bearer token returns sensitive banking data (IBAN, SWIFT/BIC, account identifiers). A vendor patch exists (5.5.3) and the fixing commit is public; there is no public exploit identified at time of analysis and the flaw is not in CISA KEV.
Denial of service in Red Hat OpenShift GitOps (Argo CD operator) lets a tenant who controls a namespace-scoped Argo CD instance delete a ClusterRole belonging to a cluster-scoped Argo CD instance by crafting a name collision. Because the ClusterRole reconciler skips ownership validation (CWE-862), a low-privileged tenant can disrupt a higher-privileged, cluster-wide GitOps instance across the trust boundary. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the cross-tenant scope change makes it a meaningful multi-tenancy integrity concern.
SQL injection in Apache Fineract's Report Execution API (the runreports endpoint) in all versions up to and including 1.14.0 lets an authenticated user holding report-run permission inject arbitrary SQL through crafted report parameter values, because those values are concatenated into the generated query without sufficient validation. This yields unauthorized read access to data well beyond what the report was scoped to expose, and by extension other database contents. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV; the upstream fix landed in PR #5980, which introduces a configurable InputValidator/validation-profile framework.
Authentication bypass in the Shibboleth WordPress plugin before 2.5.4 lets remote unauthenticated attackers forge identity headers and log in when the HTTP header identity mode is enabled without an anti-spoofing key. Because the plugin fails open rather than closed, any request carrying identity headers is trusted as an authenticated session, and with automatic account creation plus the default administrator role mapping an attacker can provision and sign in as a brand-new administrator. Rated CVSS 8.1 (CWE-287); publicly available exploit code exists (WPScan), but it is not listed in CISA KEV.
Kali Forms - Contact Form & Drag-and-Drop Builder WordPress plugin before version 2.4.17 allows any authenticated Contributor-level (or higher) user to duplicate arbitrary posts they do not own by exploiting a missing per-object authorization check in the plugin's AJAX post-duplication action. The attacker gains a published copy of the target post under their own ownership and can extract private post metadata, including secrets stored by other Kali Forms instances on the same site. A publicly available proof-of-concept exists per WPScan; the vulnerability is not currently listed in the CISA KEV catalog, though the low privilege bar and default-enabled feature make it an actionable risk on any multi-user WordPress installation running the affected plugin.
Arbitrary physical memory read/write in the ASUS System Control Interface (v3 and legacy) and ASUS Business Manager driver allows a local administrator to issue crafted IOCTL requests that bypass OS-enforced memory protections, per an ASUS-published advisory. The flaw (CWE-822, Untrusted Pointer Dereference) turns the signed ASUS driver into a read/write primitive over physical memory, enabling privilege escalation from admin to kernel and potential defense evasion. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS was not provided.
Arbitrary file operations in ASUS Aura Wallpaper Service allow a low-privileged local user to send crafted commands that carry an attacker-controlled file path, bypassing the service's intended path restrictions and abusing its higher-privileged context. Because the service exposes a communication channel that fails to properly restrict callers or validate file names (CWE-923), a local user can read, write, or manipulate files outside the intended scope, with high impact to confidentiality, integrity, and availability; on certain ASUS models exploitation can also render a single feature unavailable. No public exploit is identified at time of analysis, and it is not listed in CISA KEV, but the CVSS 4.0 base score of 8.5 (High) reflects meaningful impact despite the local vector and high attack complexity.
Authentication bypass in Ciena Navigator Network Control Suite (NCS 8.1), Manage Control Plane (MCP ≤ 8.0), and Blue Planet components (Inventory, Orchestration, Route Optimization & Analysis, Unified Assurance & Analytics, Planner Plus) allows an unauthenticated network attacker to manipulate HTTP request paths and headers to reach protected functionality while also evading audit logging. Rated CVSS 9.8 with a fully remote, low-complexity, no-interaction vector, this flaw hands attackers administrative-level access to carrier-grade network control and orchestration platforms. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the trivial exploitation profile makes it a high-priority patch for affected operators.
Incorrect access control in CAXPerts UniversalPlantViewer WebServices Server v2.7.6 allows any authenticated low-privilege user to invoke the /api/License/deactivateOffline endpoint and strip the server's license, rendering the service inoperable. The flaw (CWE-284) grants low-privileged accounts an action that should be restricted to administrative roles, providing a trivial denial-of-service primitive against industrial plant visualization infrastructure. No public exploit identified at time of analysis, though a researcher disclosure post on Medium appears to document the discovery.
Missing authorization on the `/api/v1/users/` backend user endpoint in xianyu-auto-reply allows remote unauthenticated attackers to access or manipulate user account data without any credentials. The flaw (CWE-862) affects all commits up to dcb445ad97816ad65299a7580ee0c8c8f929da84 in this FastAPI-based Python backend for automating Xianyu marketplace replies. A public exploit exists (CVSS 4.0 E:P), though no active exploitation is confirmed in CISA KEV; the vendor-issued patch commit is the recommended remediation given the project's rolling release model.
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.
ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.
Security feature bypass in Adobe ColdFusion allows a low-privileged, network-based attacker to defeat access controls and obtain unauthorized read access to data outside their intended authorization boundary. Adobe PSIRT classifies the root cause as improper input validation and tags it an authentication bypass; the CVSS 3.1 score is 7.7 with a changed scope, reflecting impact that crosses a security boundary. No public exploit has been identified at time of analysis, and no EPSS or CISA KEV data was provided.
Arbitrary code execution in Adobe ColdFusion allows an attacker with low-privileged access on an adjacent network to bypass authorization controls (CWE-863) and run code in the context of the current user, with a scope change that lets the impact extend beyond the vulnerable component. Adobe PSIRT reported the flaw and published advisory APSB26-82; it is tagged as RCE and authentication bypass with a CVSS 3.1 base score of 9.0. No public exploit identified at time of analysis and it is not listed in CISA KEV, but the incorrect-authorization-to-RCE pattern in ColdFusion has historically drawn rapid attacker interest.
Missing authentication in Adobe ColdFusion allows an unauthenticated attacker on an adjacent network to trigger arbitrary code execution in the context of the current user, without any user interaction. The flaw (CWE-306) bypasses authentication on a critical function and carries a scope change, meaning the impact reaches beyond the vulnerable component. There is no public exploit identified at time of analysis, but the issue was reported by Adobe PSIRT and addressed in advisory APSB26-82.
Privilege escalation in Adobe ColdFusion 2023 (through Update 21) and ColdFusion 2025 (through Update 10) allows a remote, unauthenticated attacker to bypass authorization checks and gain unauthorized read and write access. Because the CVSS vector marks scope as changed (S:C) with PR:N and no user interaction, the attacker can act beyond the ColdFusion application boundary, yielding the maximum CVSS base score of 10.0. No public exploit is identified at time of analysis, and EPSS is low at 0.24% (15th percentile), indicating no observed weaponization yet despite the critical rating.
Unauthenticated abuse of the operator's NetLicensing credential affects Labs64 netlicensing-mcp (FastMCP server) versions <= 0.1.5 when run in HTTP transport mode. The ApiKeyMiddleware forwards requests that carry no client API key straight to the tool handlers, and the downstream client falls back to the server-side NETLICENSING_API_KEY environment variable, so any network-reachable attacker can invoke every MCP tool (list/create/update/delete of products, licenses, licensees, tokens) under the operator's identity and account quota. Publicly available exploit code exists (a self-contained Docker/Python PoC in the advisory), no public active exploitation is confirmed, and the issue is fixed in 0.1.6.
Navigation input validation bypass in Google Chrome prior to 150.0.7871.125 enables a remote attacker who has already compromised the renderer process to circumvent navigation restrictions through a crafted HTML page. The flaw is classified as a second-stage, chained exploit - the attacker must first achieve renderer process compromise before this vulnerability becomes exploitable. With integrity rated High (I:H) and no confidentiality or availability impact, the practical danger is unauthorized navigation control, potentially enabling redirect-based phishing, cross-origin frame manipulation, or security boundary bypass. No public exploit code or active exploitation has been identified at time of analysis; EPSS probability stands at 0.26% (17th percentile), consistent with low current threat activity.
Same Origin Policy bypass in Google Chrome's V8 JavaScript engine (prior to 150.0.7871.125) allows a remote attacker to cross origin security boundaries via a crafted HTML page, enabling high-impact integrity violations against cross-origin content. Exploitation requires the victim to visit the malicious page (UI:R), limiting automated mass exploitation - a constraint confirmed by SSVC's Automatable:no finding. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog; EPSS at 0.26% (17th percentile) is consistent with no observed active exploitation at time of analysis.
Same-origin policy bypass in Google Chrome prior to 150.0.7871.125 enables remote attackers to manipulate cross-origin content integrity through the browser's HTML-in-Canvas rendering subsystem. Exploitation requires a victim to visit a crafted HTML page, making this a socially-engineered attack rather than a fully autonomous one. No active exploitation has been recorded (CISA KEV: absent, SSVC exploitation: none), and EPSS sits at 0.26% - indicating low real-world exploitation activity at time of analysis.
NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
Missing authentication in NVIDIA TensorRT-LLM for Linux lets an attacker reach the disaggregated orchestrator's FastAPI server directly and read, write, or delete internal cluster state, resulting in information disclosure, data tampering, and denial of service. The flaw (CWE-306) affects the orchestration layer that coordinates disaggregated prefill/decode inference workers. No public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.3 with a local attack vector despite the request-based nature of the issue.
Premiere Pro is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scope is changed.
Server-Side Request Forgery in Anyquery's server mode (versions < 0.4.5) lets remote attackers who reach the MySQL-compatible listener force the server to fetch arbitrary URLs through its built-in SQLite virtual table modules (json_reader, log_reader), which internally use go-getter. Because the server accepts MySQL connections without authentication and applies no allow/deny list on fetch targets, an attacker can CREATE VIRTUAL TABLE against internal endpoints or the cloud metadata IP (169.254.169.254) and read the response as a table, bypassing external firewalls to scan internal services and exfiltrate cloud IAM credentials. Publicly available exploit code exists (a working PoC is embedded in the vendor advisory); there is no CISA KEV listing or EPSS score in the provided data.
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.18.0 until 2.18.9, 2.21.5, 2.22.1, 3.1.5, and 3.2.1, UnwrappedPropertyHandler.processUnwrapped() replays buffered JSON for a @JsonUnwrapped property and calls prop.deserializeAndSet() without a prop.visibleInView(ctxt.getActiveView()) guard, allowing a property annotated with both @JsonView and @JsonUnwrapped to be written from attacker JSON under a less-privileged active view. This issue is fixed in versions 2.18.9, 2.21.5, 2.22.1, 3.1.5, and 3.2.1.
Arbitrary code execution in Adobe Animate 2023 and 2024 stems from an incorrect authorization (CWE-863) weakness that lets code run in the context of the current user. Adobe reported the flaw via advisory APSB26-83 with a CVSS 8.1 rating; exploitation requires no user interaction but depends on conditions outside the attacker's control (reflected in high attack complexity). There is no public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Arbitrary code execution in Adobe Animate 2023 and 2024 arises from an Incorrect Authorization flaw (CWE-863) that lets a maliciously crafted file run code in the context of the current user. Exploitation requires the victim to open the attacker-supplied file and depends on conditions beyond the attacker's control, and there is no public exploit identified at time of analysis. Adobe self-reported the issue and published fixes in advisory APSB26-83.
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Security feature bypass in Adobe Commerce, Magento Open Source, Adobe Commerce B2B, and the Adobe Commerce Webhooks Plugin allows a remote unauthenticated attacker (PR:N/UI:N) to circumvent authorization checks and obtain unauthorized read and write access to protected resources. Rooted in an incorrect authorization flaw (CWE-863), it carries a critical 9.1 CVSS with high confidentiality and integrity impact and requires no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-facing, no-privilege profile on a high-value e-commerce platform makes it a strong patch priority.
Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.
Improper authorization in Adobe Commerce, Adobe Commerce B2B, Magento Open Source, and the Adobe Commerce Webhooks Plugin allows remote unauthenticated attackers to bypass security controls and obtain unauthorized read and write access to protected data or functionality. The flaw carries a CVSS 9.1 rating, requires no user interaction, and per the CVSS vector needs no privileges (PR:N). There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, unauthenticated nature makes it high priority for internet-facing storefronts.
Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.
Security feature bypass in Adobe Commerce, Adobe Commerce B2B, Magento Open Source, and the Adobe Commerce Webhooks plugin allows a high-privileged, authenticated attacker to defeat an authorization check (CWE-863) and gain unauthorized read access to data that should be restricted. The flaw is network-reachable with low complexity, requires no user interaction, and changes scope, so the exposure can reach beyond the initially vulnerable component. There is no public exploit identified at time of analysis and no CISA KEV listing, making exploitation currently theoretical rather than observed.
Local code execution in Microsoft .NET (Framework 3.5 through 4.8.1, .NET 8.0/9.0, and Visual Studio 2022/2026) arises from a protection mechanism failure (CWE-693) that lets an unauthorized attacker run arbitrary code once a victim is lured into opening a malicious file or project. The flaw requires user interaction (UI:R) and local delivery (AV:L) but no prior privileges (PR:N), yielding high confidentiality, integrity, and availability impact and a 7.8 CVSS score. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the ubiquity of .NET on Windows makes patching a priority.
Security feature bypass in Microsoft .NET (versions 8.0, 9.0, and 10.0) lets a remote, unauthenticated attacker circumvent an authorization control over the network due to incorrect authorization logic (CWE-863). Rated CVSS 8.2, the flaw carries a high integrity impact and requires no privileges or user interaction, though there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Microsoft has released a patch, and the affected surface also includes Visual Studio 2022 (17.12, 17.14) and Visual Studio 2026 (18.7) tooling that bundle the runtime.
Remote denial of service in Microsoft .NET (versions 8.0, 9.0, and 10.0) allows an unauthenticated network attacker to crash or hang the runtime by sending crafted input that fails proper type validation (CWE-1287). The flaw carries a CVSS 7.5 rating driven entirely by availability impact (A:H) with no confidentiality or integrity loss, and no public exploit has been identified at time of analysis. Microsoft has released a patch; there is no indication of active exploitation.
Missing authentication in Adobe Experience Manager (AEM as a Cloud Service, 6.5, and 6.5 LTS) lets a remote unauthenticated attacker reach a critical function directly, bypassing a security control to gain unauthorized write access. The CVSS 8.6 rating and scope-change flag indicate impact can extend beyond the initially vulnerable component, though only integrity is affected (no confidentiality or availability loss). No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Cross-tenant data exposure in n8n-mcp (npm package, <= 2.56.0) lets an authenticated tenant on a shared multi-tenant HTTP instance read, delete, and destroy the automatic workflow version backups belonging to other tenants. Because each snapshot embeds full node definitions, the leaked data can include credential references and authorization headers, making this both a confidentiality and an integrity/availability failure. Rated CVSS 9.9 due to the scope change across tenant trust boundaries; no public exploit is identified at time of analysis, and it is not listed in CISA KEV.
Local code execution in Microsoft Visual Studio (2022 versions 17.12 and 17.14, and 2026 version 18.7) stems from a protection mechanism failure that lets an unauthorized attacker run arbitrary code once a victim is convinced to open or interact with a malicious project, file, or solution. Microsoft has published a fix, but there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV. The CVSS 3.1 base score is 7.8, reflecting high confidentiality, integrity, and availability impact requiring local access plus user interaction.
Security feature bypass in Microsoft .NET (shipped via Visual Studio 2022 17.12/17.14 and Visual Studio 2026 18.7) lets a remote, unauthenticated attacker defeat a cryptographic-signature check over the network — most likely a JWT/token signature verification flaw per the vendor 'Jwt Attack' and 'Authentication Bypass' tags. By forging or tampering with signed data the runtime fails to validate correctly, an attacker can impersonate trusted principals and undermine an authentication or integrity control. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Privilege elevation in ASP.NET Core (bundled with .NET 8.0, 9.0, and 10.0) lets an already-authenticated, low-privileged network attacker bypass authentication controls by tampering with data the framework wrongly assumes to be immutable (CWE-302). Microsoft reported and patched the flaw; there is no public exploit identified at time of analysis and it is not on CISA KEV. At CVSS 8.8 with PR:L, an authorized user can escalate to higher privileges over the network.
Privilege escalation in Microsoft Configuration Manager (versions 2509 and 2603) lets an already-authorized, low-privileged network user gain elevated privileges due to improper access control. Rated CVSS 8.8, the flaw yields full confidentiality, integrity, and availability impact and is remotely reachable, though it requires existing valid low-level access. Microsoft has released a patch; no public exploit identified at time of analysis.
Improper authorization in Devolutions Server's secure messages deletion endpoint exposes an Insecure Direct Object Reference (IDOR) flaw allowing any authenticated user to permanently delete secure messages belonging to other users simply by supplying a target message identifier. Affected versions are 2026.2.11 and 2026.1.22; patched releases 2026.1.23 and 2026.2.12 are available per the vendor advisory. No public exploit identified at time of analysis, and the low CVSS score of 3.1 reflects constrained impact (integrity only, no data disclosure) paired with high attack complexity.
Authorization bypass in Devolutions Server 2026.2.11 and 2026.1.22 lets an authenticated low-privileged user approve their own pending access request by calling the access request status endpoint directly, bypassing the mandatory approver review. Because access requests gate elevated access to protected resources, this effectively grants unauthorized privileged access (CVSS 7.1). There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the issue was disclosed and patched by the vendor.
Sensitive information disclosure in Devolutions Server 2026.1.x and 2026.2.x lets an authenticated low-privileged user read the private keys of SSH key and certificate PAM credentials belonging to other users. By supplying a credential identifier they should not have access to (an insecure direct object reference), the attacker retrieves secrets the PAM module is supposed to protect. No public exploit identified at time of analysis, and it is not on CISA KEV, but a vendor patch is available. Note: the supplied CVSS vector lists PR:N (unauthenticated) while the description explicitly requires an authenticated low-privileged user — treat this as an authenticated IDOR.
Credential disclosure in TP-Link Deco M5 v1 mesh routers stems from a weak (computationally cheap) password-hashing scheme used to store local user credentials, letting an attacker who has already obtained the stored hash recover the plaintext password via offline brute-force or dictionary attacks. Affected devices are the Deco M5 v1 hardware revision, and successful cracking yields access to device management functions scoped to the recovered account's privileges. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; the CVSS 4.0 vector (AV:L/AC:H/PR:H) reflects that it is a post-compromise credential-recovery weakness rather than a remote entry point.
A security flaw was discovered in the NETGEAR WAX333 Access Point that could allow someone already logged in and connected to the local network to make unauthorized changes to the device's settings
A security flaw was discovered in the NETGEAR DGND3700v1 that could allow someone on the same local WiFi network to send unauthorized commands to the device. This issue was identified through testing in a controlled research environment using a simulated version of the router's software and has not been confirmed on physical production devices.
A security flaw was found in certain NETGEAR RAX models that could allow a logged-in user to send specially crafted requests to the router and run unauthorized commands. This could enable the user to make unauthorized changes to the router and affect its security and operation.
A security flaw in the router's certificate validation process was discovered in the NETGEAR XR1000 Gaming Router and certain Nighthawk models that could allow an unauthorized person to remotely access and take control of the device.
Post-authentication command execution in NETGEAR Nighthawk RAX-series routers (RAX43, RAX45, RAX50, RAX54S, RAX54Sv2) permits an attacker already holding administrative credentials and adjacent network access to run unauthorized OS-level commands or code on the device. Rooted in CWE-20 (Improper Input Validation), the flaw bypasses authorization controls within the authenticated management session, yielding high integrity impact on the vulnerable system. No public exploit identified at time of analysis, though the CVSS 4.0 supplemental metric E:P indicates proof-of-concept code exists; a vendor-released patch is available from NETGEAR.
Spoofing via origin validation error in the Windows Network Address Translation (NAT) component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, including Server Core installations. An unauthenticated attacker positioned on an adjacent network segment can bypass origin/authentication checks (CWE-346) to impersonate a trusted source, with Microsoft rating scope-changed high impact to confidentiality, integrity, and availability (CVSS 8.3). No public exploit identified at time of analysis, though high attack complexity limits reliable exploitation.
Quick Facts
- Typical Severity
- CRITICAL
- Category
- auth
- Total CVEs
- 31131