CWE-441— Unintended Proxy or Intermediary (Confused Deputy)
The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.— MITRE CWE catalog
91 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-441page 2 of 2
- CVE-2025-48570HIGHCVSS 7.8EG 7.82026-06-01
In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. Us…
- CVE-2025-48586HIGHCVSS 7.8EG 7.82025-12-08
In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. Use…
- CVE-2025-48598MEDIUMCVSS 6.6EG 6.62025-12-08
In multiple locations, there is a possible way to alter the primary user's face unlock settings due to a confused deputy. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction …
- CVE-2025-48628HIGHCVSS 7.8EG 7.82025-12-08
In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction …
- CVE-2025-48710MEDIUMCVSS 4.1EG 4.12025-06-04
kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controll…
- CVE-2025-61780MEDIUMCVSS 5.3EG 5.82025-10-10
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as N…
- CVE-2025-62718CRITICALCVSS 9.9EG 9.92026-04-09
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trail…
- CVE-2025-64123CRITICALCVSS 9.8EG 9.82026-01-02
Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Network Boundary Bridging.This issue affects Multi-Stack Controller (MSC): through and including release 2.5.1.
- CVE-2025-64125CRITICALCVSS 9.4EG 9.42026-01-03
A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 (December, 2025). End users do not have to take any action to mitigate the issue.
- CVE-2025-66415MEDIUMCVSS 5.4EG 5.42025-12-01
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for spe…
- CVE-2025-68667CRITICALCVSS 9.9EG 9.92025-12-23
Conduit is a chat server powered by Matrix. A vulnerability that affects a number of Conduit-derived homeservers allows a remote, unauthenticated attacker to force the target server to cryptographically sign arbitrary membership events. Af…
- CVE-2025-68944MEDIUMCVSS 5.0EG 5.02025-12-26
Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.
- CVE-2026-0098HIGHCVSS 7.8EG 7.82026-06-01
In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interact…
- CVE-2026-12879MEDIUMCVSS 5.9EG 5.92026-07-09
An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerability was patched on 1…
- CVE-2026-23751CRITICALCVSS 9.8EG 9.82026-04-23
Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and …
- CVE-2026-24470HIGHCVSS 8.1EG 8.12026-01-26
Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes t…
- CVE-2026-24471CRITICALCVSS 9.3EG 9.32026-02-02
continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room (rejec…
- CVE-2026-27124MEDIUMCVSS 6.1EG 6.12026-04-03
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, i…
- CVE-2026-3160MEDIUMCVSS 5.8EG 5.82026-05-14
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project …
- CVE-2026-36608HIGHCVSS 8.8EG 8.82026-06-03
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP (192.168.1.1) or localhost (127.0.0.1) as InternalClient. An u…
- CVE-2026-39906CRITICALCVSS 10.0EG 10.02026-04-14
Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a …
- CVE-2026-39961MEDIUMCVSS 6.8EG 6.82026-04-09
Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any o…
- CVE-2026-41365MEDIUMCVSS 5.4EG 5.42026-04-28
OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering r…
- CVE-2026-42043CRITICALCVSS 10.0EG 7.22026-04-24
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range (other than 127.0.0.1) to completel…
- CVE-2026-42313HIGHCVSS 8.3EG 8.32026-05-11
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates security-sensitive options behind a hand…
- CVE-2026-44494HIGHCVSS 8.7EG 8.72026-05-29
Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's depende…
- CVE-2026-44992MEDIUMCVSS 5.0EG 5.02026-05-11
OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAX_API_HOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled ori…
- CVE-2026-45003MEDIUMCVSS 5.0EG 5.02026-05-11
OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setti…
- CVE-2026-45182LOWCVSS 2.2EG 2.22026-05-09
GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let system_server transmit UDP traffic on its beh…
- CVE-2026-46592HIGHCVSS 7.5EG 7.52026-07-06
Improper Input Validation, Unintended Proxy or Intermediary ('Confused Deputy') vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName …
- CVE-2026-47122MEDIUMCVSS 4.2EG 4.22026-05-29
Sparkle's AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection ## Summary AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast it…
- CVE-2026-48522MEDIUMCVSS 4.2EG 4.22026-05-28
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandl…
- CVE-2026-49086MEDIUMCVSS 6.5EG 6.52026-07-06
Improper Input Validation, Unintended Proxy or Intermediary ('Confused Deputy') vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer (DaprPubSubConsumer) copied two fields from each inbound CloudEvent - its P…
- CVE-2026-49821HIGHCVSS 7.7EG 7.72026-06-10
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller processed Package CRDs without verifying…
- CVE-2026-50169MEDIUMCVSS 6.1EG 6.12026-06-15
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package comprom…
- CVE-2026-53931MEDIUMCVSS 6.9EG 6.92026-06-17
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-import endpoint axiosRequestMake could be used as a generic HTTP proxy. Before the fix it was reachable unauthenticated, and its URL-extension a…
- CVE-2026-55430MEDIUMCVSS 6.8EG 6.82026-07-06
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from `httpapi.RequestHost()` which prefers the `X-…
- CVE-2026-56675HIGHCVSS 8.3EG 8.32026-07-10
9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 cause…
- CVE-2026-6993MEDIUMCVSS 5.3EG 5.32026-04-25
A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended in…
- CVE-2026-7381CRITICALCVSS 9.1EG 9.12026-04-29
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header, if…
- CVE-2026-9595MEDIUMCVSS 4.3EG 4.32026-06-15
Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin he…
Map vulnerabilities like CWE-441 to your infrastructure
EchelonGraph correlates every CVE — across CWE-441 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →