CVEbaza.plCWE DictionaryCWE-288
Common Weakness Enumeration

CWE-288

Authentication Bypass Using an Alternate Path or Channel

Category: BaseCVE: 587
Description

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

CVE vulnerabilities with CWE-288 (587)
10.0
CVSS
CRITICAL
CVE-2026-53576

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/api/v1/**")) treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addresses its resources by URL path segments that the caller chooses (/api/v1/{tenant}/flows/{namespace}, /api/v1/{tenant}/executions/{namespace}/{id}, /api/v1/{tenant}/namespaces/{namespace}/kv/{key}). An anonymous caller picks the literal configs as the final segment, and the request bypasses Basic-Auth entirely. Because the bypass reaches the flow-create and execution-trigger routes, an unauthenticated caller creates a flow containing a Shell or Process task and runs it. The task executes as root inside the kestra container. The official docker-compose.yml mounts /var/run/docker.sock, so root in the container reaches the host Docker daemon. This vulnerability is fixed in 1.0.45 and 1.3.21.

pub. 2026-06-26
10.0
CVSS
CRITICAL
CVE-2026-20079

A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.

pub. 2026-03-04
10.0
CVSS
CRITICAL
CVE-2025-64121

Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Authentication Bypass.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1.

pub. 2026-01-02
10.0
CVSS
CRITICAL
CVE-2025-57819

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

pub. 2025-08-28🚩 CISA KEV⚡ EXPLOIT
10.0
CVSS
CRITICAL
CVE-2024-11639

An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access

pub. 2024-12-10
10.0
CVSS
CRITICAL
CVE-2024-10081

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints, apart from the /Authentication is affected by the vulnerability. This issue affects CodeChecker: through 6.24.1.

pub. 2024-11-06
10.0
CVSS
CRITICAL
CVE-2024-2973

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability. No other Juniper Networks products or platforms are affected by this issue. This issue affects: Session Smart Router:  * All versions before 5.6.15,  * from 6.0 before 6.1.9-lts,  * from 6.2 before 6.2.5-sts. Session Smart Conductor:  * All versions before 5.6.15,  * from 6.0 before 6.1.9-lts,  * from 6.2 before 6.2.5-sts.  WAN Assurance Router:  * 6.0 versions before 6.1.9-lts,  * 6.2 versions before 6.2.5-sts.

pub. 2024-06-27
10.0
CVSS
CRITICAL
CVE-2024-2013

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface.

pub. 2024-06-11
10.0
CVSS
CRITICAL
CVE-2024-1709

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

pub. 2024-02-21🚩 CISA KEV⚡ EXPLOIT
10.0
CVSS
CRITICAL
CVE-2023-42770

Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge.

pub. 2023-11-21
9.9
CVSS
CRITICAL
CVE-2026-10523

An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access

pub. 2026-06-09
9.9
CVSS
CRITICAL
CVE-2024-6684

Authentication Bypass Using an Alternate Path or Channel vulnerability in GST Electronics inohom Nova Panel N7 allows Authentication Bypass. This issue affects inohom Nova Panel N7: through 1.9.9.6. NOTE: The vendor was contacted and it was learned that the product is not supported.

pub. 2024-08-12
9.8
CVSS
CRITICAL
CVE-2026-49764

Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.

pub. 2026-06-15
9.8
CVSS
CRITICAL
CVE-2026-24207

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

pub. 2026-05-20
9.8
CVSS
CRITICAL
CVE-2026-7458

The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "user_verification_form_wrap_process_otpLogin" function. This makes it possible for unauthenticated attackers to log in as any user with a verified email address, such as an administrator, by submitting a "true" OTP value.

pub. 2026-05-02
9.8
CVSS
CRITICAL
CVE-2026-7567

The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user() function, which fails to verify that the 'temp-login-token' GET parameter is a scalar string before processing it. When the parameter is supplied as an array, PHP's empty() check is bypassed and sanitize_key() returns an empty string, which is then passed as the meta_value to get_users(). WordPress ignores an empty meta_value and returns all users matching the meta_key '_temporary_login_token', allowing authentication without a valid token. This makes it possible for unauthenticated attackers to authenticate as any active temporary login user by sending a single crafted GET request.

pub. 2026-05-01
9.8
CVSS
CRITICAL
CVE-2026-6760

Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

pub. 2026-04-21
9.8
CVSS
CRITICAL
CVE-2026-6768

Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

pub. 2026-04-21
9.8
CVSS
CRITICAL
CVE-2026-6771

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

pub. 2026-04-21
9.8
CVSS
CRITICAL
CVE-2026-3461

The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the `express_pay_product_page_pay_for_order()` function logging users in based solely on a user-supplied billing email address during guest checkout for subscription products, without verifying email ownership, requiring a password, or validating a one-time token. This makes it possible for unauthenticated attackers to log in as any existing user, including administrators, by providing the target user's email address in the billing_details parameter, resulting in complete account takeover and site compromise.

pub. 2026-04-15
Showing 20 of 587 vulnerabilities
Information
ID: CWE-288
Type: Base
Vulnerabilities: 587
MITRE CWE ↗
← CWE Dictionary
CWE-288 — Authentication Bypass Using an Alternate Path or Channel | CWE Dictionary | CVEbaza.pl