Authentication Bypass
Authentication bypass attacks exploit flaws in the verification mechanisms that control access to systems and applications.
How It Works
Authentication bypass attacks exploit flaws in the verification mechanisms that control access to systems and applications. Instead of cracking passwords through brute force, attackers manipulate the authentication process itself to gain unauthorized entry. This typically occurs through one of several pathways: exploiting hardcoded credentials embedded in source code or configuration files, manipulating parameters in authentication requests to skip verification steps, or leveraging broken session management that fails to properly validate user identity.
The attack flow often begins with reconnaissance to identify authentication endpoints and their underlying logic. Attackers may probe for default administrative credentials that were never changed, test whether certain URL paths bypass login requirements entirely, or intercept and modify authentication tokens to escalate privileges. In multi-step authentication processes, flaws in state management can allow attackers to complete only partial verification steps while still gaining full access.
More sophisticated variants exploit single sign-on (SSO) or OAuth implementations where misconfigurations in trust relationships allow attackers to forge authentication assertions. Parameter tampering—such as changing a "role=user" field to "role=admin" in a request—can trick poorly designed systems into granting elevated access without proper verification.
Impact
- Complete account takeover — attackers gain full control of user accounts, including administrative accounts, without knowing legitimate credentials
- Unauthorized data access — ability to view, modify, or exfiltrate sensitive information including customer data, financial records, and intellectual property
- System-wide compromise — admin-level access enables installation of backdoors, modification of security controls, and complete infrastructure takeover
- Lateral movement — bypassed authentication provides a foothold for moving deeper into networks and accessing additional systems
- Compliance violations — unauthorized access triggers breach notification requirements and regulatory penalties
Real-World Examples
CrushFTP suffered a critical authentication bypass allowing attackers to access file-sharing functionality without any credentials. The vulnerability enabled direct server-side template injection, leading to remote code execution on affected systems. Attackers actively exploited this in the wild to establish persistent access to enterprise file servers.
Palo Alto's Expedition migration tool contained a flaw permitting attackers to reset administrative credentials without authentication. This allowed complete takeover of the migration environment, potentially exposing network configurations and security policies being transferred between systems.
SolarWinds Web Help Desk (CVE-2024-28987) shipped with hardcoded internal credentials that could not be changed through normal administrative functions. Attackers discovering these credentials gained full administrative access to helpdesk systems containing sensitive organizational information and user data.
Mitigation
- Implement multi-factor authentication (MFA) — requires attackers to compromise additional verification factors beyond bypassed primary authentication
- Eliminate hardcoded credentials — use secure credential management systems and rotate all default credentials during deployment
- Enforce authentication on all endpoints — verify every request requires valid authentication; no "hidden" administrative paths should exist
- Implement proper session management — use cryptographically secure session tokens, validate on server-side, enforce timeout policies
- Apply principle of least privilege — limit damage by ensuring even authenticated users only access necessary resources
- Regular security testing — conduct penetration testing specifically targeting authentication logic and flows
Recent CVEs (31261)
Sandboxed remote code execution in Google Chrome desktop before 150.0.7871.115 lets a remote attacker run arbitrary code within the renderer sandbox when a victim opens a crafted HTML page, stemming from an inappropriate implementation in the Forms component (Chromium severity: High). No public exploit identified at time of analysis, and the flaw is not on CISA KEV; Google has shipped a fixed Stable channel build. The high CVSS (8.8) reflects full compromise of the affected renderer process, though code execution is stated to be confined to the sandbox rather than a full host takeover.
Same-origin policy bypass in Google Chrome's Passwords component (versions prior to 150.0.7871.115) enables a remote attacker to read limited cross-origin data by directing a victim to a crafted HTML page. Chromium's own security team rates this High despite a CVSS base score of 4.3 (Medium), a discrepancy that likely reflects the sensitivity of credential-adjacent subsystem involvement rather than raw exploitability metrics alone. No public exploit identified at time of analysis; vendor patch is available as of the July 2026 stable channel release.
Heap corruption in Google Chrome's DOM implementation before 150.0.7871.115 lets a remote attacker corrupt memory when a victim opens a crafted HTML page, a High-severity Chromium bug rated CVSS 8.8. Google has shipped a Stable channel fix and the flaw requires user interaction (visiting a malicious page) but no privileges. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Same-origin policy bypass in Google Chrome's WebAppInstalls component on Android exposes limited cross-origin data to a local attacker who can direct a user to visit a crafted HTML page. All Chrome for Android releases prior to 150.0.7871.115 are affected. Google has rated this High severity internally despite a CVSS base score of 3.3 (Low); no public exploit code or active exploitation has been identified at time of analysis, and a vendor patch is available.
Privilege-boundary bypass in CAXperts UPVWebServices (2.4.2212.603-2.7.6) and the companion UDiTH Portal (2026.0.0-2026.2.0) lets any authenticated low-privilege user reach an administrative API endpoint that lacks an authorization check, enabling them to deactivate the application's license and disable the service. Rated CVSS 8.1 by the reporter, this is a broken-access-control (CWE-862) issue affecting engineering-portal deployments. There is no public exploit identified at time of analysis, EPSS is low (0.20%, 10th percentile), and it is not listed in CISA KEV, though SSVC rates the technical impact as total.
Full node takeover in Mysterium Node before v1.36.0 is possible because the /tequilapi/config/user endpoint enforces no authorization (CWE-862), letting remote unauthenticated attackers submit a crafted POST request to arbitrarily overwrite the node's configuration. Because the local TequilAPI management interface shipped enabled and unsecured by default, an attacker who can reach the API can seize complete control of the node. Publicly available exploit code exists (sch8ill/CVE-2026-31309), though there is no CISA KEV listing and EPSS remains low at 0.34%.
Work item metadata in GitLab EE is exposed to authenticated users holding only minimal project permissions due to missing authorization checks on affected API or web endpoints, enabling unauthorized reads of private project data. Affected deployments span GitLab EE 18.9 through pre-18.11.7, 19.0 through pre-19.0.4, and 19.1 through pre-19.1.2, with patched releases now available from the vendor. No public exploit has been identified at time of analysis, the vulnerability is not listed in CISA KEV, and the CVSS 4.3 Medium score reflects narrow impact - confidentiality-only, metadata-scoped, with no integrity or availability consequence.
Private project existence disclosure in GitLab CE/EE (versions 9.1 through 18.11.x, 19.0.x, and 19.1.x) enables low-privilege GitLab account holders to confirm whether a private project exists via improperly authorized cross-project reference pages. The flaw stems from missing authorization controls (CWE-862) on reference resolution endpoints, leaking project existence metadata to users who have no authorized access to the targeted private project. No public exploit exists and this vulnerability is not listed in CISA KEV; GitLab has released patches across all three affected version branches.
Improper authorization on GitLab EE GraphQL operations permits authenticated users holding auditor-level access to write modifications to compliance violation records - an action that role should not permit. Affected versions span all GitLab EE releases from 18.2 through the patched thresholds (18.11.7, 19.0.4, 19.1.2). No public exploit code exists and CISA KEV does not list this vulnerability; with CVSS 2.7 and PR:H, real-world impact is narrow but meaningful for organizations relying on compliance audit trails for regulatory evidence.
Security feature bypass in Microsoft Edge (Chromium-based) allows a remote, unauthenticated attacker to circumvent a browser security control over the network when a user is lured into interacting with attacker-controlled content. The scope-changing CVSS 8.2 vector and high confidentiality impact suggest the bypass can expose sensitive information beyond the browser's normal security boundary. Reported by Microsoft's own security team; no public exploit identified at time of analysis.
Authorization bypass in OpenCTI prior to version 7.260326.0 lets any authenticated user holding the KNOWLEDGE_KNUPDATE permission override Confidence Level validation and Object Marking restrictions simply by adding the 'synchronized-upsert: true' HTTP header. Exploitation allows downgrading confidence levels, stripping security markings such as TLP:RED, and tampering with STIX objects (Indicators, Threat Actors, Malware, Reports) and their relationships. There is no public exploit identified at time of analysis, and the issue is not on CISA KEV; the fix is delivered in release 7.260326.0.
Cross-namespace authorization bypass in HashiCorp Nomad's dynamic host volumes feature permits an authenticated operator holding host volume delete permissions in one namespace to delete sticky volume claims belonging to jobs in a different namespace. Both Nomad Community Edition and Nomad Enterprise are affected from version 0.4.1 up to 2.0.4, with Enterprise additionally receiving backport fixes in 1.11.8 and 1.10.14. No public exploit code has been identified at time of analysis and this vulnerability is not listed in CISA KEV, limiting immediate risk to multi-tenant deployments where namespace isolation is an enforced security boundary.
Improper authorization in GitLab Enterprise Edition allows an already-authenticated high-privilege user to modify group-level settings beyond the scope their role should permit. Affecting all EE versions from 16.10 through the patched releases of 18.11.7, 19.0.4, and 19.1.2, the flaw enables unauthorized integrity changes to group-wide policies without any user interaction. No public exploit or active exploitation has been identified at time of analysis, and the PR:H CVSS requirement substantially constrains real-world risk to a narrow set of already-privileged insiders.
Insecure Direct Object Reference in NL Portal's Taak V2 module (nl.nl-portal:taak) versions 1.5.0 through 3.0.0 lets any authenticated portal user holding a valid 'burger' OAuth token complete and tamper with another user's task by supplying its task ID. Because the submitTaakV2 GraphQL mutation never verified task ownership, an attacker can overwrite another user's submitted form data (verzondenData) and read that user's previously entered personal data returned in the GraphQL response, breaking both integrity and confidentiality. No public exploit is identified at time of analysis, but the flaw is trivially exploitable by any logged-in user against a horizontally-adjacent task object.
Unauthenticated remote code execution in Joro ≤ v1.1.0 (BishopFox's offensive-security tooling) allows an attacker to gain a shell as the operator's user when that operator merely visits a malicious web page. In the default proxy mode, Joro exposes an unauthenticated local API on 127.0.0.1:9090 with a wildcard CORS policy; because plugin uploads use the CORS-safelisted multipart/form-data content type, cross-origin JavaScript can upload a native Go plugin and trigger a restart through the operator's browser with no preflight or credentials, and the plugin's init() executes on load. No public exploit is identified at time of analysis, but the advisory documents a complete, reproducible attack chain, and the assigned CVSS is 9.6 (Critical).
Privilege/authorization bypass in Progress MOVEit Transfer's Audit User module lets an authenticated low-privileged user perform actions beyond their intended permissions, achieving high confidentiality, integrity, and availability impact (CVSS 8.8). Affected builds are all releases before 2025.0.7 and the 2025.1.x line before 2025.1.3. No public exploit has been identified at time of analysis, and the low EPSS score (0.18%, 8th percentile) with CISA SSVC marking exploitation as 'none' indicates no observed exploitation despite MOVEit's history as a ransomware target.
Authentication bypass by spoofing in Progress MOVEit Transfer's HTTPS module allows remote unauthenticated attackers to impersonate or partially bypass identity verification, compromising integrity (CVSS 7.5, I:H) without exposing or destroying data (C:N/A:N). The flaw affects MOVEit Transfer builds before 2025.0.7 and the 2025.1.x line before 2025.1.3; a vendor patch is available. There is no public exploit identified at time of analysis and CISA SSVC records exploitation status as none, but MOVEit Transfer's history as a mass-exploitation target warrants prompt patching.
Broken access control in Gumroad's PurchasesController (versions before 2026.07.06.2) lets any authenticated seller revoke or restore buyer access to products they do not own by sending PUT requests to the revoke_access and undo_revoke_access actions, which fail to validate seller ownership. Because the actions operate on arbitrary purchase records via direct object reference, a low-privileged seller can tamper with the is_access_revoked flag on other sellers' sales. No public exploit was identified at time of analysis and the flaw is not listed in CISA KEV, but the fix is confirmed in release v2026.07.06.2.
Cross-origin WebSocket session hijacking in Midscene Bridge Server through version 1.10.3 lets any web page a victim visits connect to the locally running Socket.IO server without an Origin check or authentication token, seizing the tool's single-client slot. Once connected, a remote attacker can intercept and inject browser-automation commands, exfiltrate command-payload data, or unconditionally kill the server via the MIDSCENE_BRIDGE_SIGNAL_KILL query parameter. Publicly available exploit code exists (reported by VulnCheck) and a vendor patch is available (commit 86f4118); no active exploitation has been confirmed.
Account takeover in self-hosted Bitwarden Server before 2026.6.0 lets a low-privileged organization member steal any other member's vault key and a victim-scoped access token. The POST /auth-requests/admin-request handler never verifies that the email in the request body belongs to the authenticated caller (CWE-639), so an attacker can create a Trusted Device Encryption admin-approval request for a victim, bound to an attacker-controlled public key; once approved, the encrypted key material is retrievable from an unauthenticated endpoint. Publicly available exploit code exists (a VulnCheck advisory plus a public write-up), and the CVSS 4.0 base score of 9.3 reflects high confidentiality and integrity impact plus a cross-user scope change.
Authentication bypass in LiteLLM (BerriAI) proxy/AI Gateway before 1.84.0 lets a remote unauthenticated attacker reach MCP tooling by sending a fabricated Authorization header. The malformed header forces the MCP Streamable HTTP endpoint down an OAuth2 passthrough fallback that substitutes a failed key validation with an empty UserAPIKeyAuth() object, effectively treating the caller as authorized without any valid LiteLLM key. The CVSS 4.0 score of 8.8 reflects network-reachable, no-privilege access with high confidentiality impact; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Host namespace escape in HashiCorp Nomad and Nomad Enterprise lets an authenticated job submitter bypass the allow_privileged control for the Docker task driver, launching containers in host PID/network/IPC namespaces to read data from the host or co-located workloads on the same client node. The flaw stems from missing authorization enforcement (CWE-862) and carries a CVSS 7.7 with a changed scope, reflecting cross-tenant impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Setuptools prior to 83.0.0 fails to normalize Unicode filenames before matching them against MANIFEST.in exclusion patterns on macOS APFS and HFS+ filesystems, allowing files with NFD-normalized on-disk names to silently bypass NFC-encoded exclude, global-exclude, recursive-exclude, and prune directives and be packed into Python source distributions. Python package maintainers developing on macOS face a supply chain risk: sensitive files such as credentials, private keys, or environment configs that are correctly listed in MANIFEST.in for exclusion may still appear in tarballs published to PyPI or private registries. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Broken access control in AFFiNE (toeverything/AFFiNE monorepo) lets any authenticated workspace member read the edit history of documents they should not access by querying the GraphQL 'histories' field with an arbitrary document GUID. Because the resolver never checks Doc.Read permission, an attacker can enumerate private page timelines and harvest contributor user names, emails, and edit timestamps. No public exploit has been identified at time of analysis, but exploitation is trivial for any low-privileged member.
Insufficient access controls in OpenStack Ironic's parent/child node hierarchy allow authenticated users to access or manipulate resources belonging to nodes outside their authorization scope. Affected objects include Volume Targets and Volume Connectors - which carry iSCSI storage credentials in boot-from-volume deployments - as well as Port and Portgroup objects (hardened as defense-in-depth in the same patch set). No public exploit identified at time of analysis and the CVE carries no CVSS score in the input data, but the exposure of iSCSI credentials in affected environments represents a meaningful lateral-movement risk within bare-metal cloud infrastructure.
Authentication bypass via default credentials in IBM API Connect 12.1.0.0 through 12.1.0.3 lets remote unauthenticated attackers log in with vendor-shipped default credentials during the window before the system forces a credential change on first use. Rated CVSS 9.8 with total confidentiality, integrity, and availability impact, the flaw grants full access to the API management platform. There is no public exploit identified at time of analysis and SSVC reports no observed exploitation, but the low attack complexity and known-credential nature make opportunistic abuse of freshly deployed instances plausible.
Local file inclusion in Repomix's git clone HTTP endpoint lets unauthenticated remote attackers read arbitrary tracked file contents from git repositories on the server's filesystem. The isValidRemoteValue validation in src/core/git/gitRemoteParse.ts does not reject file:// scheme URLs, so a supplied file:///path/to/repo value is passed directly to git clone. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 4.0 base score is 8.7 (High) driven by high confidentiality impact with no authentication required.
Authorization collapse in SeaweedFS 4.08-4.33 allows any authenticated low-privileged S3 user to enumerate administrator-owned S3 table bucket names and ARNs via a SigV4 routing flaw. Requests signed with service identifier 'S3Tables' are misrouted to the S3Tables management API, where the authorization logic fails open by collapsing account-less S3 identities into the shared admin account, effectively granting read access to admin-scoped metadata. No public exploit code exists and this CVE is not listed in CISA KEV, but the CVSS vector (PR:L) confirms exploitation requires only a valid low-privilege S3 credential.
Unauthenticated cluster-internal access to TrustyAI Service Operator's gorch and NemoGuardrails deployments is possible when a specific security setting is not explicitly enabled at deployment time. Any workload running within the same Kubernetes or OpenShift cluster can reach these AI guardrail and orchestration service endpoints without presenting credentials, exposing sensitive inference data and enabling limited unauthorized model interactions. No public exploit has been identified at time of analysis, but the low-complexity adjacent attack vector and low-privilege prerequisite make this a realistic lateral movement risk in shared or multi-tenant cluster environments.
Authorization bypass in Harness gitspaces endpoint (versions up to 2.28.2) permits any authenticated remote user to enumerate workspace listings beyond their authorized scope via a flaw in the `getAuthorizedSpaces` function of `app/api/controller/gitspace/list_all.go`. The confidentiality impact is limited to space listing disclosure - no integrity or availability impact is present - but publicly available exploit code (CVSS 4.0 E:P) lowers the exploitation barrier significantly. Vendor has not responded to the responsible disclosure, leaving no patch available at time of analysis.
Access-control bypass in OpenStack Ironic before 37.0.1 lets an Ironic user who is authorized to deploy nodes via the IPMI management interface invoke the send_raw deploy step to issue arbitrary IPMI commands directly to a node's BMC, sidestepping the permission model Ironic normally enforces on management actions. This is an authenticated privilege-boundary flaw (CVSS 8.2, PR:H) affecting bare-metal provisioning environments; no public exploit code has been identified and it is not listed in CISA KEV at time of analysis.
Authentication bypass in Portainer Community Edition (2.39.0-2.39.3 and 2.40.0 through 2.42.x) lets an unauthenticated network attacker seize full administrative control of a freshly deployed, uninitialized instance. During the five-minute post-deployment setup window the /api/restore and /api/users/admin/init endpoints stay reachable without credentials, so an attacker who wins the race can create the first admin account or restore a crafted backup and take over the platform along with every Docker, Swarm, Kubernetes and ACI environment it manages. No public exploit identified at time of analysis and it is not on CISA KEV, but the fix is available in 2.39.4 and 2.43.0.
Symlink extraction bypass in BBOT's unarchive module allows an attacker to plant an attacker-controlled symlink into the extraction directory when BBOT scans and fetches a crafted zip or 7z archive. The bypass exploits BBOT's failure to detect symlink entries carrying a DOS-attribute prefix before the unix mode field, a format produced by legacy p7zip builds - a variant the pre-extraction guard did not account for. Impact is strictly limited to symlink planting (the symlink target is not written through), and exploitation requires the scanning host to be running a legacy p7zip build; no public exploit or active exploitation (CISA KEV) has been identified at time of analysis.
Unproxied metrics port exposure in the gorch service template of trustyai-service-operator (part of Red Hat OpenShift AI) allows any pod on the cluster network to access orchestrator and detector metrics endpoints while bypassing kube-rbac-proxy authentication. The flaw manifests specifically when authentication is enabled - the configuration that should be protective is the same one under which the bypass exists. CVSS PR:L confirms exploitation requires a pod already running on the cluster network, limiting blast radius to actors with at least minimal cluster access. No public exploit code identified and no CISA KEV listing at time of analysis.
Incorrect authorization in MISP versions through 2.5.42 allows authenticated users from restricted organizations to invoke import modules that their organization has been explicitly blocked from using via the Plugin.Import_<module>_restrict configuration. The importModule() function relied on getEnabledModule() - a single-module lookup that lacks per-organisation restriction awareness - rather than the restriction-enforcing getEnabledModules(), creating a logical bypass exploitable by any authenticated user who knows a restricted module's name. Depending on the targeted module and the attacker's event permissions, this can result in unauthorized import or modification of MISP event data; no public exploit exists and this vulnerability is not listed in CISA KEV at time of analysis.
Authorization bypass in MISP's EventsController::importModule() allows authenticated users or read-only API key holders with event view access to persist unauthorized data modifications to events. When an import module returns results in the misp_standard format, the write path skips the modification-rights check applied by all other module result handling paths, allowing a view-only principal to inject or overwrite event content they have no permission to edit. No public exploit code has been identified at time of analysis, and CISA KEV listing is absent, but the integrity impact on shared threat intelligence events is operationally significant for MISP deployments where data provenance and access segregation are critical.
Improper authorization in n8n before 2.28.0 enables authenticated users to assign workflows to folders belonging to foreign projects by supplying crafted payloads during workflow creation. The flaw (CWE-639) bypasses project and folder ownership checks entirely, allowing logical integrity violations across organizational boundaries in multi-project deployments. No active exploitation is confirmed (not in CISA KEV) and no public proof-of-concept code has been identified at time of analysis, though the vendor has released a fix in version 2.28.0.
Authorization bypass in n8n's Public API execution retry endpoint allows authenticated read-only users to trigger workflow executions they should not be permitted to run. The endpoint incorrectly authorizes requests against the workflow:read scope rather than the required workflow:execute scope, collapsing the intended permission boundary between read and execute access. This affects n8n instances before 2.25.7 and 2.26.x before 2.26.2 where workflows are shared across users or projects; no public exploit has been identified at time of analysis, and a vendor patch is available.
{workflowId}/test-runs/new endpoint incorrectly validates the workflow:read scope instead of the required workflow:execute scope, enabling any project-level viewer to invoke the internal workflow runner without execute privileges. This results in unintended outbound API calls and data mutations to downstream connected systems - a meaningful integrity risk in multi-tenant RBAC deployments. No public exploit or CISA KEV listing exists at time of analysis.
Incorrect authorization in n8n's evaluation test-run API endpoints allows authenticated project viewers to perform state-changing operations reserved for users with execute permissions. On Enterprise and Cloud deployments running Advanced Permissions with projects and viewer roles configured, an authenticated project:viewer can start new evaluation test runs, cancel in-flight runs, and delete run records for workflows they have only read access to - bypassing the intended workflow:execute scope gate. No public exploit code or CISA KEV listing exists at time of analysis, but the CVSS 4.0 score of 5.3 (PR:L) reflects the authenticated, low-complexity nature of the flaw.
Webhook signature bypass in n8n's ZendeskTrigger node allows network-adjacent attackers who possess the webhook URL to inject arbitrary data into n8n workflows by sending unsigned POST requests. The ZendeskTrigger node omits the mandatory HMAC-SHA256 verification step that Zendesk's webhook security model requires, treating any inbound POST as a legitimate Zendesk event. This affects n8n v1.x before 1.123.18 and v2.x before 2.6.2; no public exploit or CISA KEV designation has been identified at time of analysis.
Incomplete state management in Capgo's transfer_app() function allows low-privileged authenticated users to retain or cause loss of access to deployment history records across organizations. Specifically, the function fails to update the deploy_history.owner_org field during inter-organization application transfers in all versions before 12.128.2, creating a persistent stale authorization grant. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Cross-tenant bundle deletion in Capgo (Capacitor live/OTA update platform) before 12.128.2 lets holders of an upload-scoped API key rewrite the mutable app_versions.r2_path column through the PostgREST data API, retargeting it at another tenant's Cloudflare R2 objects. By pointing a soft-deleted attacker version at a victim bundle and firing the on_version_update cleanup trigger, an attacker deletes the victim's R2 object, breaking that app's over-the-air update delivery. No public exploit is identified at time of analysis, but the mechanism is fully described and CVSS 4.0 rates availability impact as High (8.7).
Cross-organization authorization bypass in Capgo before 12.128.2 lets a scoped API key (limited_to_orgs) inherit its owner's full user permissions, so an admin holding a write key restricted to one organization can execute destructive operations against a different organization. Because route-level authorization (rbac_check_permission_direct) checks the owner's user privileges before enforcing the key's org scope, a key intended to be confined to Org A can call DELETE /organization or DELETE /organization/members on Org B. No public exploit has been identified at time of analysis; the flaw is documented in a GitHub Security Advisory (GHSA-ccm4-hf72-p28m) and a VulnCheck advisory.
Authorization bypass in Capgo before 12.128.2 lets read-only organization members insert rows into the public.manifest table via a flawed INSERT row-level-security policy, poisoning the OTA update manifests that Capacitor apps fetch. Because these forged entries carry attacker-chosen s3_path values and are served to client devices through the unauthenticated /updates endpoint, a low-privileged insider can steer devices toward malicious update assets. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Policy bypass in Capgo's OTA update enforcement allows holders of app-scoped API keys to downgrade encrypted app bundles to an unencrypted state by directly manipulating the app_versions table through PostgREST. Affected versions are all Capgo releases prior to 12.128.2. An attacker in possession of an app-scoped 'all' API key can nullify organization-level encrypted-bundle policies, silently stripping the cryptographic protections applied to over-the-air mobile updates and enabling distribution of unencrypted bundles to end-user devices. No public exploit code exists and this vulnerability has not been listed in the CISA KEV catalog at time of analysis.
Improper authorization enforcement in Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.6, plus LTS branches 8.6.1.0-8.6.1.10, 8.3.1.0-8.3.1.30, and 7.13.1.0-7.13.1.70) allows a low-privileged, remote authenticated attacker to reach resources or actions beyond their assigned role, resulting in unauthorized access. Rated CVSS 8.8 (High) with high confidentiality, integrity, and availability impact and low attack complexity. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the low barrier to exploitation for any existing account makes this a meaningful escalation risk on these backup appliances.
Missing authentication in Dgraph Alpha lets an unauthenticated network client destroy and overwrite an entire database group's data via the external-snapshot import RPCs exposed on the public gRPC port :9080. Any attacker able to reach port 9080 can open a StreamExtSnapshot session; because the receiver calls Prepare() before ingesting the stream, the existing store is deleted and replaced with attacker-supplied Badger data. Fixed in version 25.3.5; no public exploit identified at time of analysis.
Insecure Direct Object Reference in weDevs WP User Frontend plugin (all versions ≤4.3.1) allows unauthenticated network attackers to activate a free subscription tier on behalf of any registered WordPress user by supplying an arbitrary user_id to the payment_page() function, silently overwriting existing paid subscriptions and revoking premium access. The root cause is a missing authorization check on a user-controlled key (CWE-639), and because WordPress user IDs are sequential integers trivially enumerable via the REST API, this is exploitable at scale with no authentication or user interaction. No public exploit has been identified at time of analysis, but the zero-privilege, low-complexity attack path makes this straightforward to weaponize against any site monetizing through this plugin's membership features.
Payment amount manipulation in the LatePoint Calendar Booking plugin for WordPress (versions up to and including 5.4.0) lets unauthenticated attackers finalize bookings while paying an arbitrary amount. The Stripe Connect payment processor trusts a client-supplied PaymentIntent ID, so an attacker can replay a previously succeeded PaymentIntent token to satisfy the payment check. No public exploit identified at time of analysis, and the flaw is not in CISA KEV.
Privilege escalation via Insecure Direct Object Reference in the WCFM Membership (WooCommerce Memberships for Multivendor Marketplace) WordPress plugin versions up to and including 2.11.10 lets authenticated users holding at least vendor-level access manipulate the 'wcfmvm_membership_change' AJAX action to reassign any user's account to the 'wcfm_vendor' role by altering their membership plan. Because the action never checks whether the caller is authorized to modify the targeted user, a low-privileged marketplace vendor can tamper with arbitrary accounts. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the high CVSS of 8.1 and network-reachable authenticated vector make it a meaningful multivendor-store risk.
Authentication bypass in Dassault Systèmes DELMIA Apriso (Release 2020 through Release 2026) lets remote unauthenticated attackers obtain privileged access to the manufacturing operations server, consistent with the CVSS PR:N/UI:N metrics. Rated CVSS 9.8 (C:H/I:H/A:H), it exposes shop-floor and production-control functions to full compromise. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Authorization bypass in the WP Learn Manager WordPress plugin (all versions through 1.1.8) lets unauthenticated attackers install and activate arbitrary plugins from the WordPress.org repository on a vulnerable site. The flaw stems from AJAX handlers that fail to verify a caller's authorization, and Wordfence rates it CVSS 9.8. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated, low-complexity nature makes it a high-priority patch target.
Authorization bypass in the User Management WordPress plugin (versions ≤ 1.2) permits unauthenticated network attackers to overwrite the plugin's export field configuration stored in the uiewp_export_field WordPress option, determining which user fields - including password hashes - are bundled into CSV exports and how columns are interpreted during user imports. Reported by Wordfence, the flaw stems from CWE-862 (Missing Authorization), meaning the plugin performs no privilege check before accepting these writes. No public exploit code and no CISA KEV listing have been identified at time of analysis; however, the ability to preconfigure exports to surface password hashes represents a meaningful secondary confidentiality risk beyond the raw CVSS 5.3 Medium score.
Authentication bypass in the DoLogin Security plugin for WordPress (all versions through 4.3) lets remote attackers forge passwordless magic-link tokens and log in as any user, including administrators. The 32-character token is generated by seeding the Mersenne Twister PRNG (mt_srand) with a value derived from microtime() that carries only ~20 bits of entropy, so the entire token is a deterministic function of a ~10^6-value seed space that can be brute-forced offline. No public exploit identified at time of analysis, but the flaw was reported by Wordfence and the vulnerable code paths are cited directly in the WordPress plugin repository.
Cross-tenant credential disclosure in WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to enumerate domains belonging to other tenants through the XML-RPC API, because ownership checks are applied only to certain lookup filters and schema validation is skipped for legacy protocol versions. Because affected FTP credentials are stored in cleartext, an attacker retrieves another tenant's FTP password and can pivot to executing code as that tenant's system user. No public exploit has been identified at time of analysis, but the flaw was reported via HackerOne and carries a CVSS 9.9 rating.
Kiosk restriction bypass in the Code 27 Companion Hub allows an attacker with physical device access to perform a factory reset that completely circumvents the kiosk protection mechanism, granting full control over the device. The flaw (CWE-288) represents a protection mechanism failure where an alternate path - the factory reset function - is not gated by the same access controls as the restricted kiosk environment. A publicly available proof-of-concept exploit exists on GitHub, and while SSVC rates exploitation status as none and EPSS sits at 0.21% (11th percentile), the availability of working exploit code lowers the barrier for opportunistic physical-access attacks.
Cross-namespace privilege escalation in goploy (zhenorzz/goploy through 1.17.5 and develop HEAD) lets any authenticated user holding the low-privilege `manager` role in their own namespace read, overwrite, plant, or delete project files in ANY other tenant's project, and rewrite any project's git remote URL, because the `/project/addFile`, `/project/editFile`, `/project/removeFile`, and `/project/edit` handlers act on body-supplied project/file row ids without verifying the target belongs to the caller's namespace. The rewritten git remote escalates to remote code execution on the next deploy, when goploy runs `git remote set-url origin <attacker-url>` and pulls attacker-controlled code under the goploy service account. A detailed proof-of-concept exists demonstrating all four primitives against the published Docker image, though no active exploitation has been reported.
Cluster-level RBAC bypass in Kite (github.com/zxh326/kite) v0.12.2 allows any authenticated user to retrieve aggregate inventory and capacity data from Kubernetes clusters they are not authorized to access. By supplying an arbitrary cluster name in the `x-cluster-name` header, a low-privileged user scoped to one cluster can enumerate node counts, pod counts, namespace counts, service counts, and CPU/memory resource totals from other configured clusters. No public exploit identified at time of analysis, though the reporter provided and validated a working Go proof-of-concept test demonstrating the bypass.
Broken object-level authorization in Cap's GET /api/video/ai endpoint lets any authenticated user supply arbitrary video IDs to read private AI-generated metadata - titles, summaries, and chapters - belonging to other users, and to trigger unauthorized AI generation that burns the victim's credits. Reported by VulnCheck with a vendor patch (commit 8d48642) available; no public exploit identified at time of analysis, and EPSS/KEV data were not supplied. The flaw combines confidentiality loss over private content with an abusable, cost-incurring side effect.
Unauthenticated data theft, tampering, and denial-of-service affects mem0's OpenMemory API server (openmemory/api component), where several API routers are mounted without any authentication middleware. Because CVSS 4.0 vector shows PR:N and CWE-306 (Missing Authentication for a Critical Function), remote attackers can pass arbitrary user_id values to read, overwrite, or delete any user's stored memories, and can trigger a global pause to break the service for everyone. Reported by VulnCheck with a vendor patch commit available; no public exploit identified at time of analysis and not listed in CISA KEV.
Row-level authorization bypass in Hasura GraphQL Engine prior to versions 2.49.2 and 2.45.5 permits low-privileged authenticated users to infer the contents of rows their role's permissions should suppress. By submitting crafted where-clause predicates against table computed fields returning SETOF results, an attacker exploits the query response as a boolean oracle - iteratively reconstructing protected column values through binary-search-style probing without ever directly retrieving the restricted rows. No public exploit has been identified at time of analysis; the CVSS 4.0 score of 6.0 with VC:H reflects meaningful confidentiality exposure specifically in deployments relying on row-level security as a data boundary.
Broken object-level authorization in FastGPT before 4.15.0 lets any authenticated user retrieve another team's LLM interaction traces via GET /api/core/ai/record/getRecord. The endpoint verifies the caller is logged in but fetches records solely by requestId without checking team ownership, exposing cross-tenant prompts, retrieved RAG chunks, and model completions to any user who can guess or obtain a valid requestId. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but exploitation requires only a low-privilege account and knowledge of a target requestId.
Cross-tenant file disclosure in FastGPT prior to v4.15.0-beta5 allows an attacker to read another team's stored files by supplying that team's S3 object key to the chat-file presign or dataset preview endpoints. The handlers authorize an unrelated resource but then sign or read the S3 object using a request-supplied key without verifying tenant ownership, so global bucket keys become an IDOR primitive. No public exploit code has been identified at time of analysis, though the upstream fix (PR #7104 / commit decb6d2) reveals the exact vulnerable code path.
Cross-organization authorization bypass in Grafana OSS and Enterprise allows an authenticated Org Admin to delete public dashboards owned by a different organization by supplying the target dashboard's identifiers to the deletion endpoint. The missing tenant-isolation check on the delete operation means any Org Admin - regardless of their organizational scope - can reach and destroy dashboards across organizational boundaries. No public exploit has been identified at time of analysis, and the low CVSS score of 3.1 reflects the constrained impact and prerequisite of an existing Org Admin credential.
Sensitive information disclosure and server-side request forgery in mem0's self-hosted server let unauthenticated remote attackers steal stored LLM provider credentials and pivot into internal infrastructure. Because the /api/v1/config/ endpoints require no authentication (CWE-306), an attacker can GET plaintext secrets such as OpenAI API keys and PUT a malicious ollama_base_url to coerce the server into requesting internal-only addresses like cloud instance metadata (IMDS). CVSS 4.0 rates this 9.2 (Critical); there is no public exploit identified at time of analysis, but the attack is trivial and reported by VulnCheck.
Single-use authorization-code enforcement can be bypassed under concurrency in the better-auth OAuth provider (@better-auth/oauth-provider 1.6.0 through 1.6.10, the embedded plugin in better-auth 1.4.8-beta.7 through 1.6.10, and the legacy oidc-provider and mcp plugins). Because the POST /oauth2/token authorization_code grant redeems the code via a non-atomic find-then-delete, two concurrent requests carrying the same code both pass the read step and each mint a fresh access, refresh, and id token for the original user's scope. No public exploit is identified at time of analysis and it is not in CISA KEV, but the vendor rates it CVSS 4.0 7.6 (High) with high confidentiality and integrity impact.
Refresh-token family forking in better-auth's OAuth provider plugin (@better-auth/oauth-provider 1.6.0–1.6.10, and embedded in better-auth 1.4.8-beta.7–1.5.x) lets a race condition on the /oauth2/token refresh_token grant split one parent refresh token into multiple valid child families, defeating RFC 9700 reuse detection. An attacker holding a stolen refresh token who times two concurrent redemptions can obtain a persistent, independently-rotating branch that survives revocation of the legitimate user's branch and never trips family-invalidation. No public exploit is identified at time of analysis and the flaw is not listed in CISA KEV, but the security impact is indefinite unauthorized access plus detection bypass at the victim's full authorization scope.
Pre-account-hijacking in the better-auth Node/TypeScript authentication library (versions < 1.6.11 on the stable line and all current `next` pre-releases) lets an unauthenticated attacker seize a victim's account by pre-registering the victim's email via `/sign-up/email`, then having the victim's later OAuth/SSO sign-in implicitly linked to the attacker's row. The result is a single account the attacker controls with a working password login plus the victim's OAuth identity, and the link-time verification flip defeats `requireEmailVerification: true`. No public exploit identified at time of analysis; not listed in CISA KEV, though the flaw is the same class as Microsoft nOAuth (2023) and the Sign in with Apple JWT flaw (2020).
Privilege escalation and account/organization takeover in the better-auth Node/TypeScript library affects applications using the organization plugin with unverified email sign-up enabled (emailAndPassword without requireEmailVerification). Because acceptInvitation treats a plain email-string match as proof of address ownership, an attacker who pre-registers an unverified account keyed to a victim's address and obtains a leaked invitationId can accept an admin's invitation and join the organization at the invited role. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV, but the mechanism is fully documented in the vendor advisory (GHSA-fmh4-wcc4-5jm3).
Privilege escalation via broken authorization in Actual (self-hosted open-source budgeting app) before 26.7.0 lets any shared user holding only user_access on a budget file invoke owner-only file-management endpoints. Because requireFileAccess treats ordinary shared access as sufficient, a low-privileged collaborator can call /delete-user-file, /reset-user-file, and /user-create-key to destroy or reset another user's budget data or rotate its encryption key. No public exploit is identified at time of analysis, and it is not in CISA KEV.
Remote code execution in the Oraios Serena MCP coding toolkit (prior to v1.5.2) lets a malicious webpage hijack a developer's local coding agent via DNS rebinding. Serena's built-in web dashboard runs an unauthenticated Flask API on a fixed, predictable port with no auth, no CSRF protection, and no Host-header validation, so any site the victim visits while Serena is running can write attacker-controlled content into the agent's persistent memory store; because the agent autonomously reads that memory and can invoke execute_shell_command with shell=True, this chains to code execution on the developer's machine. No public exploit identified at time of analysis, and the flaw is not on the CISA KEV list.
Insecure Direct Object Reference in DataEase before 2.10.24 lets a holder of any valid share-link token retrieve arbitrary datasets by tampering with the request body. The share-mode chart endpoint POST /de2api/chartData/getData validates only that sceneId matches the resourceId bound to the link token, but never checks that the supplied tableId and field IDs belong to the shared resource, so an attacker can swap in identifiers for datasets they were never granted. No public exploit is identified at time of analysis, but the flaw is trivially exploitable by anyone already given a legitimate share link.
Authentication bypass in DataEase open-source BI platform before 2.10.24 lets unauthenticated remote attackers who know a protected share UUID retrieve a valid X-DE-LINK-TOKEN from the /de2api/share/proxyInfo endpoint, because the token is issued before the share password or ticket is checked. With that token an attacker can call subsequent share APIs and read data behind password-protected dashboards without valid credentials. No public exploit identified at time of analysis; the flaw is fixed in 2.10.24.
Instance-wide LLM configuration hijacking in Cognee before 1.2.0 lets any remote attacker self-register a normal account and overwrite the global LLM provider settings through the /api/v1/settings endpoint, which performs no admin or superuser authorization check. Because the configuration is held in a process-wide singleton cache, a single call redirects every user's LLM operations to an attacker-controlled endpoint, exfiltrating prompts, uploaded documents, extracted entities, and knowledge-graph content. This is confirmed publicly available exploit code exists (reported by VulnCheck, with a released vendor patch in v1.2.0), and the CVSS 4.0 score is 9.3 (Critical).
Authentication bypass in DataEase before 2.10.24 lets remote attackers forge valid share-link JWTs because ShareSecretManage ships with a hardcoded signature key (link-pwd-fit2cloud). An attacker who has obtained any passwordless share can mint linkToken JWTs that pass TokenFilter verification and access backend resources as the original share creator, even after that share has been revoked. There is no public exploit identified at time of analysis, but the hardcoded key is disclosed in the advisory, making forgery trivial once the signing algorithm is known.
Broken access control in DataEase before 2.10.24 lets any authenticated low-privilege user reach the /de2api/datasetData/previewSql endpoint, which is missing its mandatory @DePermit authorization check, and pass datasourceId=-1 to hit the built-in engine database and execute arbitrary SQL. This CWE-862 missing-authorization flaw exposes sensitive core application data and carries a CVSS 4.0 base score of 8.7 (High). No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.
{id} route is explicitly whitelisted from authentication, exported data files can be pulled by fully unauthenticated remote attackers, matching the vendor's CVSS 4.0 PR:N rating (8.7, High). There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the trivial ID-enumeration attack pattern makes exploitation straightforward once the endpoint is reachable.
Confidential-client impersonation in better-auth below 1.6.11 lets an attacker who holds any leaked refresh_token and the public client_id mint fresh access tokens and rotated refresh tokens indefinitely. The deprecated oidcProvider() and mcp() plugins expose an OAuth 2.0 token endpoint whose refresh_token grant authenticates solely on the bound refresh-token row plus a matching client_id, never verifying the registered client_secret - a regression, since the same plugins' authorization_code grant does enforce the secret. No public exploit identified at time of analysis; the flaw was reported by @subhanUmer and fixed by the maintainers, with no CISA KEV listing or EPSS score supplied in the input.
Chevereto's `/json` AJAX listing endpoint fails to enforce the private profile access control that the HTML profile route correctly applies, exposing user images and usernames to unauthenticated callers. Versions 3.7.5 through 4.5.3 are affected across both the commercial Chevereto product and the Chevereto Free (rodber/chevereto-free) variant. An unauthenticated attacker who knows a target's numeric user ID can bypass the privacy setting to retrieve all publicly-scoped media and recover the username the victim explicitly chose to hide. No public exploit is identified at time of analysis, and this vulnerability is not listed in CISA KEV.
Unauthorized portfolio data exposure in Ghostfolio's public API allows anyone holding a private access ID to read another user's full portfolio through the GET /api/v1/public/:accessId/portfolio endpoint. The endpoint accepts private access IDs without enforcing the granteeUserId filter, so holdings, quantities, buy prices, and performance metrics are returned without authentication. This is an authorization (broken access control) flaw with high confidentiality impact and no known public exploit at time of analysis.
Improper access control in Joomla! CMS's com_media webservice endpoints allows privileged users to overwrite media files even when they lack explicit editing permissions. The flaw affects two active release lines - 4.1.0 through 5.4.6 and 6.0.0 through 6.1.1 - and is confirmed by the Joomla Security Centre. The CVSS 4.0 vector (SC:H/SI:H/SA:H) indicates that while the direct impact on the vulnerable system is limited (VI:L), successful exploitation can cascade into high-impact consequences on the broader site or dependent systems. No public exploit or CISA KEV listing has been identified at time of analysis.
Incorrect access control in Joomla! CMS exposes com_fields REST API webservices endpoints to users who lack the required permissions, allowing them to create custom field definitions that should be restricted to higher-privileged roles such as Manager or Administrator. The flaw originates from a missing or incorrectly evaluated ACL check in the webservices layer and is confirmed by Joomla's own Security Centre in advisory 20260712. No public exploit has been identified at time of analysis, though the CVSS scope-change metrics indicate potential for significant downstream impact to site content and dependent integrations if unauthorized field definitions are used to inject malicious markup.
Unauthorized access to workflow stage and transition data in Joomla! CMS is possible due to an improper access check in the com_workflow component (CWE-284), allowing authenticated users who lack the necessary workflow management permissions to read internal content publication configuration. The CVSS 4.0 vector assigns high subsequent-system impacts (SC:H/SI:H/SA:H), suggesting the vendor assessed this metadata exposure as a meaningful enabler of broader content pipeline compromise. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Incorrect access control in Joomla! CMS's com_modules component exposes the module listing interface to frontend users who should not have visibility into installed modules. The flaw stems from CWE-284 (Improper Access Control), where the frontend fails to enforce sufficient privilege checks before returning module enumeration data. No public exploit or CISA KEV listing has been identified at time of analysis, and the EPSS score is not provided in source data, but the CVSS 4.0 score of 6.4 reflects meaningful subsequent-system impact potential stemming from reconnaissance value of the disclosed module inventory.
Improper access control in Joomla! CMS exposes com_privacy component webservice endpoints to users lacking the required authorization, allowing unauthorized reads of GDPR/privacy datasets. The flaw is classified as CWE-284 and impacts downstream systems at high severity per the vendor-supplied CVSS 4.0 vector, despite requiring high privileges on the vulnerable system itself - a tension that suggests role-boundary bypass rather than fully unauthenticated access. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog at time of analysis.
Improper access control in Joomla! CMS com_contact component exposes restricted contact records via vcard (VCF) export to authenticated users who should not have access. Affecting versions 3.0.0 through 5.4.6 and 6.0.0 through 6.1.1, the flaw allows an authenticated user to bypass access restrictions and download vcard exports of contacts that have been explicitly restricted from their view. No public exploit code or active exploitation has been identified at time of analysis, but the wide deployment footprint of Joomla and the breadth of affected versions (spanning both the 3.x/5.x and 6.x branches) make patching a priority for sites using the com_contact component.
Missing authentication in Esri Portal for ArcGIS 12.1 and earlier (Windows, Linux, and Kubernetes deployments) exposes a critical API endpoint that a remote, unauthenticated attacker can reach directly, bypassing access controls to interact with functionality that should require an authenticated session. Esri rates this critical (CVSS 9.8) and disclosed it in its June 2026 ArcGIS security bulletin; no public exploit identified at time of analysis and it is not listed in CISA KEV. Because the exposed function is an administrative/portal API reachable over the network with no credentials, successful access could lead to disclosure or manipulation of portal content and configuration.
Account takeover in Esri Portal for ArcGIS 12.1 and earlier (Windows, Linux, and Kubernetes) stems from a weak forgotten-password recovery mechanism (CWE-640) that a remote, unauthenticated attacker can manipulate to assume ownership of another user's account. The flaw carries a CVSS 9.8 rating because it is network-reachable with no authentication or user interaction, yielding full compromise of confidentiality, integrity, and availability of the targeted account. There is no public exploit identified at time of analysis and EPSS is low (0.22%, 13th percentile), and CISA's SSVC framework records exploitation as none, indicating no observed in-the-wild activity despite the critical score.
GStreamer's webrtcbin component accepts remote SDP offers and answers that are missing the required a=fingerprint attribute due to an inverted boolean logic check in _check_sdp_crypto(), undermining the DTLS certificate fingerprint binding that protects WebRTC media streams from interception. An attacker already positioned as a man-in-the-middle on the WebRTC signaling channel can strip the a=fingerprint attribute from SDP messages, which the vulnerable code then incorrectly accepts, allowing the attacker to substitute their own DTLS certificate and intercept or tamper with encrypted media. No public exploit code exists and no CISA KEV listing has been issued; however, the flaw is architecturally significant because it silently voids a key WebRTC security guarantee rather than causing an obvious crash.
Quick Facts
- Typical Severity
- CRITICAL
- Category
- auth
- Total CVEs
- 31261