
CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class (439 CVEs)

439 vulnerabilities are classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI-generated Chinese analysis included.

CWE-288 represents a critical authentication weakness where a system enforces security controls on primary interfaces while neglecting them on alternate paths or channels. Attackers typically exploit this by identifying overlooked entry points, such as administrative APIs, debug endpoints, or legacy protocols, which lack proper credential verification. By bypassing the main authentication gate, adversaries gain unauthorized access to sensitive data or functionality without needing valid credentials. To mitigate this risk, developers must adopt a comprehensive security architecture that treats all access channels equally. This involves implementing centralized authentication mechanisms across every interface, conducting rigorous code reviews to identify hidden endpoints, and performing thorough penetration testing that specifically targets non-standard access routes. Ensuring consistent security policies prevents attackers from exploiting these structural gaps to compromise system integrity.

MITRE CWE Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Common Consequences (1)
Access Control: Bypass Protection Mechanism
Mitigations (1)
Architecture and Design: Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
Examples (1)
Register SECURE_ME is located at address 0xF00. A mirror of this register called COPY_OF_SECURE_ME is at location 0x800F00. The register SECURE_ME is protected from malicious agents and only allows access to select, while COPY_OF_SECURE_ME is not. Access control is implemented using an allowlist (as indicated by a…
module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);
  output [31:0] data_out;
  input [31:0] data_in, incoming_id, address;
  input clk, rst_n;
  wire write_auth, addr_auth;
  reg [31:0] data_out, acl_oh_allowlist, q;

  // A write is authorized when any allowlisted one-hot bit of incoming_id is set
  assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0;
  always @* acl_oh_allowlist <= 32'h8312;

  // The address check covers only SECURE_ME (0xF00), not its mirror at 0x800F00
  assign addr_auth = (address == 32'hF00) ? 1 : 0;

  always @ (posedge clk or negedge rst_n)
    if (!rst_n) begin
      q <= 32'h0;
      data_out <= 32'h0;
    end else begin
      q <= (addr_auth & write_auth) ? data_in : q;
      data_out <= q;
    end
endmodule
Informative · Verilog

assign addr_auth = (address == 32'hF00) ? 1: 0;
Bad · Verilog
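The mirror-register weakness above and the "single choke point" mitigation, modelled in Python as an added example (not code from the CWE entry or from any product listed below). The two addresses and the one-hot allowlist 0x8312 come from the Verilog example; the agent IDs and the register dictionary are constructed.

```python
# Added model of CWE-288 as shown in the page's Verilog example: the primary
# address is access-controlled, the mirror address reaches the same register
# without any check. Values are from the page; the agent IDs are constructed.

SECURE_ME_ADDR = 0x000F00          # protected register (from the page)
COPY_OF_SECURE_ME_ADDR = 0x800F00  # unprotected mirror of the same register
ACL_OH_ALLOWLIST = 0x8312          # one-hot allowlist from the Verilog example


def write_auth(incoming_id: int) -> bool:
    """Same rule as the Verilog: any allowlisted one-hot bit set grants write."""
    return (incoming_id & ACL_OH_ALLOWLIST) != 0


def vulnerable_bus_write(regs: dict, address: int, incoming_id: int, data: int) -> bool:
    """Bad: the ACL is consulted only on the primary address, while the mirror
    path writes the same storage with no check at all (CWE-288)."""
    if address == SECURE_ME_ADDR:
        if not write_auth(incoming_id):
            return False
        regs["SECURE_ME"] = data
        return True
    if address == COPY_OF_SECURE_ME_ADDR:   # alternate channel, never checked
        regs["SECURE_ME"] = data
        return True
    return False


def canonical_target(address: int):
    """Resolve every alias to the one resource it actually names."""
    if address in (SECURE_ME_ADDR, COPY_OF_SECURE_ME_ADDR):
        return "SECURE_ME"
    return None


def hardened_bus_write(regs: dict, address: int, incoming_id: int, data: int) -> bool:
    """Good: resolve the alias first, then authorize once at a single choke
    point, so no path to SECURE_ME exists that skips the ACL."""
    target = canonical_target(address)
    if target is None or not write_auth(incoming_id):
        return False
    regs[target] = data
    return True
```

Agent 0x0001 has no allowlisted bit (0x0001 & 0x8312 == 0) and is refused on 0xF00 yet succeeds through 0x800F00 in the vulnerable model; the hardened model refuses it on both addresses while still admitting an allowlisted agent such as 0x0002.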
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-41308 | Password Pusher: JSON API `/p.json` file upload alias bypasses file-push authentication | PasswordPusher | 6.5 | Medium | 2026-05-08
CVE-2026-7458 | User Verification by PickPlugins <= 2.0.46 - Unauthenticated Authentication Bypass via OTP Verification REST API Endpoint | User Verification by PickPlugins | 9.8 | Critical | 2026-05-02
CVE-2026-7567 | Temporary Login <= 1.0.0 - Authentication Bypass to Account Takeover | Temporary Login | 9.8 | Critical | 2026-05-01
CVE-2026-40022 | Apache Camel Platform HTTP Main: Authentication Bypass on Non-Root Context Paths in camel main runtime | Apache Camel Platform HTTP Main | 9.8 (AI) | Critical (AI) | 2026-04-27
CVE-2026-40630 | SenseLive X3050 Authentication bypass using an alternate path or channel | X3050 | 9.8 | Critical | 2026-04-23
CVE-2026-41059 | OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex | oauth2-proxy | 8.2 | High | 2026-04-21
CVE-2026-40582 | ChurchCRM: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout | CRM | 9.8 (AI) | Critical (AI) | 2026-04-17
CVE-2026-3605 | Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service | Vault | 8.1 | High | 2026-04-17
CVE-2026-3324 | Authentication Bypass | ManageEngine Log360 | 8.2 | High | 2026-04-16
CVE-2026-3461 | Visa Acceptance Solutions <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email | Visa Acceptance Solutions | 9.8 | Critical | 2026-04-15
CVE-2026-35664 | OpenClaw < 2026.3.25 - DM Pairing Bypass via Legacy Card Callbacks | OpenClaw | 5.3 | Medium | 2026-04-10
CVE-2026-35661 | OpenClaw < 2026.3.25 - Telegram DM-Scoped Inline Button Callback Authorization Bypass | OpenClaw | 5.3 | Medium | 2026-04-10
CVE-2026-35654 | OpenClaw < 2026.3.25 - Authorization Bypass in Microsoft Teams Feedback Invoke | OpenClaw | 5.3 | Medium | 2026-04-10
CVE-2026-35647 | OpenClaw < 2026.3.25 - Direct Message Policy Bypass via Verification Notices | OpenClaw | 5.3 | Medium | 2026-04-10
CVE-2026-35642 | OpenClaw < 2026.3.25 - Authorization Bypass in Group Reactions via requireMention Bypass | OpenClaw | 4.3 | Medium | 2026-04-09
CVE-2026-35634 | OpenClaw < 2026.3.23 - Authentication Bypass via Local-Direct Requests in Canvas Gateway | OpenClaw | 5.1 | Medium | 2026-04-09
CVE-2026-5557 | badlogic pi-mono pi-mom Slack Bot slack.ts authentication bypass | pi-mono | 6.3 | Medium | 2026-04-05
CVE-2026-34581 | goshs has Auth Bypass via Share Token | goshs | 8.1 | High | 2026-04-02
CVE-2026-29139 | GINA State Confusion Account Takeover | Secure Email Gateway | 9.8 (AI) | Critical (AI) | 2026-04-02
CVE-2026-34372 | Sulu checks fix permissions for subentities endpoints | sulu | 4.3 | - | 2026-03-31
CVE-2026-34040 | Moby: AuthZ plugin bypass with oversized request body | moby | 8.8 | High | 2026-03-31
CVE-2026-32678 | BUFFALO Wi-Fi router security vulnerability | BUFFALO Wi-Fi router products | 8.8 | - | 2026-03-27
CVE-2026-3531 | OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026 | OpenID Connect / OAuth client | 9.8 (AI) | Critical (AI) | 2026-03-26
CVE-2026-2745 | Authentication Bypass Using an Alternate Path or Channel in GitLab | GitLab | 6.8 | Medium | 2026-03-25
CVE-2026-27049 | WordPress Jobica Core plugin <= 1.4.2 - Account Takeover vulnerability | Jobica Core | 9.8 | Critical | 2026-03-25
CVE-2026-25406 | WordPress Tutor LMS Pro plugin <= 3.9.4 - Broken Authentication vulnerability | Tutor LMS Pro | 8.1 | High | 2026-03-25
CVE-2026-25357 | WordPress Ultimate Membership Pro plugin <= 13.7 - Account Takeover vulnerability | Ultimate Membership Pro | 8.1 | High | 2026-03-25
CVE-2026-25035 | WordPress Contest Gallery plugin <= 28.1.2.2 - Account Takeover vulnerability | Contest Gallery | 9.8 | Critical | 2026-03-25
CVE-2026-25002 | WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability | LearnPress – Sepay Payment | 7.5 | High | 2026-03-25
CVE-2026-24359 | WordPress Dokan plugin <= 4.2.4 - Broken Authentication vulnerability | Dokan | 8.8 | High | 2026-03-25

Vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) account for 439 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.