CWE-288— Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.— MITRE CWE catalog
581 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-288page 11 of 12
- CVE-2026-33543CRITICALCVSS 9.3EG 9.32026-06-24
FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. Due to a flawed admin-existence check, th…
- CVE-2026-33843CRITICALCVSS 9.1EG 9.12026-05-26
Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-33950CRITICALCVSS 9.4EG 9.42026-04-02
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain f…
- CVE-2026-34040HIGHCVSS 7.8EG 8.82026-03-31
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.
- CVE-2026-34581HIGHCVSS 8.1EG 8.12026-04-02
goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. Th…
- CVE-2026-3461CRITICALCVSS 9.8EG 9.82026-04-15
The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the `express_pay_product_page_pay_for_order()` function logging users in based solely on …
- CVE-2026-35087CRITICALCVSS 9.3EG 9.32026-05-27
Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.…
- CVE-2026-35090CRITICALCVSS 9.3EG 9.32026-05-27
In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain f…
- CVE-2026-35422MEDIUMCVSS 6.5EG 6.52026-05-12
Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.
- CVE-2026-35634MEDIUMCVSS 5.1EG 5.12026-04-09
OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers …
- CVE-2026-35642MEDIUMCVSS 4.3EG 4.32026-04-09
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible syste…
- CVE-2026-35647MEDIUMCVSS 5.3EG 5.32026-04-10
OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and reply to unpaired peers. Attackers can send verification notices to users outside allowed direct message policies by …
- CVE-2026-35654MEDIUMCVSS 5.3EG 5.32026-04-10
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows unauthorized senders to record session feedback. Attackers can bypass sender allowlist checks via feedback invoke endp…
- CVE-2026-35661MEDIUMCVSS 5.3EG 5.32026-04-10
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows attackers to mutate session state without satisfying normal DM pairing requirements. Remote attackers can exploit weak…
- CVE-2026-35664MEDIUMCVSS 5.3EG 5.32026-04-10
OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and…
- CVE-2026-36028MEDIUMCVSS 6.8EG 6.82026-07-08
A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset
- CVE-2026-3605HIGHCVSS 8.1EG 8.12026-04-17
An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user …
- CVE-2026-36175MEDIUMCVSS 6.8EG 6.82026-06-04
An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments.
- CVE-2026-39450HIGHCVSS 7.1EG 7.12026-06-15
Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions.
- CVE-2026-40022HIGHCVSS 8.2EG 8.22026-04-27
When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.pat…
- CVE-2026-40582CRITICALCVSS 9.1EG 9.12026-04-18
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, bypassing the normal authentication flow th…
- CVE-2026-40621CRITICALCVSS 9.8EG 9.82026-05-13
ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.
- CVE-2026-40630CRITICALCVSS 9.8EG 9.82026-04-24
A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypa…
- CVE-2026-40780HIGHCVSS 7.5EG 7.52026-06-02
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1.
- CVE-2026-40781HIGHCVSS 7.5EG 7.52026-06-15
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
- CVE-2026-40785HIGHCVSS 7.1EG 7.12026-06-15
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
- CVE-2026-40790MEDIUMCVSS 6.5EG 6.52026-06-15
Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.
- CVE-2026-40799MEDIUMCVSS 5.8EG 5.32026-06-15
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.
- CVE-2026-41059HIGHCVSS 8.2EG 8.22026-04-22
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of `s…
- CVE-2026-41308MEDIUMCVSS 6.5EG 6.52026-05-08
Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a gene…
- CVE-2026-42300CRITICALCVSS 9.3EG 9.32026-05-12
DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when…
- CVE-2026-42303MEDIUMCVSS 6.1EG 6.12026-05-12
Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an admini…
- CVE-2026-42378MEDIUMCVSS 6.5EG 6.52026-06-15
Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.
- CVE-2026-42411HIGHCVSS 8.1EG 8.12026-06-15
Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.
- CVE-2026-42629HIGHCVSS 8.8EG 8.82026-06-17
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
- CVE-2026-42654HIGHCVSS 7.1EG 7.12026-06-02
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5.
- CVE-2026-42668HIGHCVSS 7.5EG 7.52026-06-15
Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions.
- CVE-2026-42735HIGHCVSS 8.2EG 8.22026-05-27
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through <= 4.3.0.
- CVE-2026-42745HIGHCVSS 7.3EG 7.32026-05-27
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through <= 1.6.0.
- CVE-2026-42749HIGHCVSS 7.1EG 7.12026-05-27
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types (Remove comments) comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post …
- CVE-2026-42760HIGHCVSS 7.5EG 7.52026-05-27
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/…
- CVE-2026-4320CRITICALCVSS 9.3EG 9.32026-05-18
Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login process, causing the script to continue running…
- CVE-2026-44574HIGHCVSS 8.1EG 8.12026-05-13
Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployme…
- CVE-2026-44575HIGHCVSS 7.5EG 7.52026-05-13
Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through …
- CVE-2026-45109HIGHCVSS 7.5EG 7.52026-05-13
Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed…
- CVE-2026-45217MEDIUMCVSS 6.5EG 6.52026-05-25
Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemeHigh Stripe Payment Gateway for WooCommerce allows Password Recovery Exploitation. This issue affects Stripe Payment Gateway for WooCommerce: from n/a through …
- CVE-2026-4524MEDIUMCVSS 6.5EG 6.52026-05-14
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access confidential issue content in public pr…
- CVE-2026-45577MEDIUMCVSS 6.9EG 6.92026-05-18
Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In…
- CVE-2026-4700CRITICALCVSS 9.8EG 9.82026-03-24
Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
- CVE-2026-47200MEDIUMCVSS 5.3EG 5.32026-05-29
Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, when experim…
Map vulnerabilities like CWE-288 to your infrastructure
EchelonGraph correlates every CVE — across CWE-288 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →