CWE-290— Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.— MITRE CWE catalog
601 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-290page 11 of 13
- CVE-2026-13984MEDIUMCVSS 4.3EG 4.32026-06-30
Incorrect security UI in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-13985MEDIUMCVSS 6.5EG 6.52026-06-30
Inappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-14118MEDIUMCVSS 6.5EG 6.52026-07-01
Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severit…
- CVE-2026-14381MEDIUMCVSS 6.5EG 6.52026-07-02
Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-2032MEDIUMCVSS 4.3EG 4.32026-02-16
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for…
- CVE-2026-21862HIGHCVSS 7.5EG 7.52026-02-03
RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: get_condition_values trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so an…
- CVE-2026-21894MEDIUMCVSS 6.5EG 6.52026-01-08
n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe we…
- CVE-2026-22199HIGHCVSS 7.5EG 5.32026-03-13
Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory tr…
- CVE-2026-22734HIGHCVSS 8.6EG 8.62026-04-17
Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA ac…
- CVE-2026-22797CRITICALCVSS 9.9EG 9.92026-01-19
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication he…
- CVE-2026-24000MEDIUMCVSS 5.3EG 5.32026-05-14
Fleet is open source device management software. Prior to version 4.80.1, Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoo…
- CVE-2026-24013CRITICALCVSS 9.1EG 9.12026-07-06
Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSe…
- CVE-2026-24270CRITICALCVSS 9.8EG 9.82026-07-01
NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tamperi…
- CVE-2026-24372HIGHCVSS 7.5EG 7.52026-03-25
Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through <= 1.8.10.
- CVE-2026-24853HIGHCVSS 8.1EG 8.12026-02-13
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting …
- CVE-2026-24899HIGHCVSS 7.5EG 7.52026-05-14
Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures u…
- CVE-2026-25119HIGHCVSS 7.7EG 7.72026-06-22
Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled, Gogs accepts the configured authentication header (default: X-WEBAUTH-USER) directly from client requests without validat…
- CVE-2026-25660CRITICALCVSS 9.8EG 9.82026-04-24
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows as…
- CVE-2026-25938CRITICALCVSS 9.8EG 9.82026-02-09
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the…
- CVE-2026-27089HIGHCVSS 7.5EG 7.52026-06-15
Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.
- CVE-2026-2800CRITICALCVSS 9.8EG 9.82026-02-24
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
- CVE-2026-28954HIGHCVSS 7.5EG 7.52026-05-11
A file quarantine bypass was addressed with additional checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A maliciously crafted disk image may bypass Gatekeeper checks.
- CVE-2026-32014HIGHCVSS 8.0EG 8.02026-03-19
OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node…
- CVE-2026-32045MEDIUMCVSS 5.9EG 5.92026-03-21
OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to…
- CVE-2026-32229MEDIUMCVSS 6.8EG 6.82026-03-11
In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled
- CVE-2026-32492MEDIUMCVSS 5.3EG 5.32026-03-25
Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing.This issue affects My Tickets: from n/a through <= 2.1.1.
- CVE-2026-33175HIGHCVSS 8.8EG 8.82026-04-03
OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email addre…
- CVE-2026-33433HIGHCVSS 8.8EG 8.82026-03-27
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.3, when `headerField` is configured with a non-canonical HTTP header name (e.g., `x-auth-user` instead of `X-Auth-User`), an authenticated …
- CVE-2026-34025MEDIUMCVSS 5.3EG 5.32026-06-15
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, b…
- CVE-2026-34457CRITICALCVSS 9.1EG 9.12026-04-14
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an auth_request-style inte…
- CVE-2026-34778MEDIUMCVSS 5.9EG 5.92026-04-04
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session could spoof reply messages on the internal …
- CVE-2026-35622MEDIUMCVSS 5.9EG 5.92026-04-09
OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authenticati…
- CVE-2026-35656MEDIUMCVSS 6.5EG 6.52026-04-10
OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when trustedProxies is configured, allowing attackers to spoof loopback hops. Remote attackers can inject forged forwarding …
- CVE-2026-36537CRITICALCVSS 9.8EG 9.82026-06-15
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By ma…
- CVE-2026-3902HIGHCVSS 7.5EG 7.52026-04-07
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants (with hyphens or with underscores) to …
- CVE-2026-39309MEDIUMCVSS 5.5EG 5.52026-05-20
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing…
- CVE-2026-39411MEDIUMCVSS 5.0EG 5.02026-04-08
LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, the webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated,…
- CVE-2026-39419LOWCVSS 3.1EG 3.12026-04-14
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UU…
- CVE-2026-39858CRITICALCVSS 10.0EG 10.02026-04-30
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traef…
- CVE-2026-39959HIGHCVSS 7.1EG 7.12026-04-09
Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust…
- CVE-2026-39999CRITICALCVSS 9.1EG 9.12026-06-19
Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. U…
- CVE-2026-40460MEDIUMCVSS 6.5EG 6.52026-05-13
When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which …
- CVE-2026-40575CRITICALCVSS 9.1EG 9.12026-04-22
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabled and `--skip-auth-regex` or `--skip-au…
- CVE-2026-42354CRITICALCVSS 9.1EG 9.12026-05-08
Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over…
- CVE-2026-42602HIGHCVSS 8.1EG 8.12026-05-13
azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configur…
- CVE-2026-42662MEDIUMCVSS 6.5EG 6.52026-06-15
Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versions.
- CVE-2026-42674HIGHCVSS 7.5EG 7.52026-06-01
Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL... Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Ac…
- CVE-2026-44118HIGHCVSS 7.8EG 7.82026-05-06
OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sen…
- CVE-2026-44183CRITICALCVSS 9.8EG 9.82026-05-12
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entr…
- CVE-2026-44649CRITICALCVSS 9.8EG 9.82026-05-29
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User (Authel…
Map vulnerabilities like CWE-290 to your infrastructure
EchelonGraph correlates every CVE — across CWE-290 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →