
CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class 439

439 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI Chinese analysis included.

CWE-288 represents a critical authentication weakness where a system enforces security controls on primary interfaces while neglecting them on alternate paths or channels. Attackers typically exploit this by identifying overlooked entry points, such as administrative APIs, debug endpoints, or legacy protocols, which lack proper credential verification. By bypassing the main authentication gate, adversaries gain unauthorized access to sensitive data or functionality without needing valid credentials. To mitigate this risk, developers must adopt a comprehensive security architecture that treats all access channels equally. This involves implementing centralized authentication mechanisms across every interface, conducting rigorous code reviews to identify hidden endpoints, and performing thorough penetration testing that specifically targets non-standard access routes. Ensuring consistent security policies prevents attackers from exploiting these structural gaps to compromise system integrity.

MITRE CWE Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Common Consequences (1)
Access Control: Bypass Protection Mechanism
Mitigations (1)
Architecture and Design: Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
Examples (1)
Register SECURE_ME is located at address 0xF00. A mirror of this register called COPY_OF_SECURE_ME is at location 0x800F00. The register SECURE_ME is protected from malicious agents and only allows access to select, while COPY_OF_SECURE_ME is not. Access control is implemented using an allowlist (as indicated by a…
    module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);
        output [31:0] data_out;
        input [31:0] data_in, incoming_id, address;
        input clk, rst_n;
        wire write_auth, addr_auth;
        reg [31:0] data_out, acl_oh_allowlist, q;
        // write is authorized when any bit of the requester id matches the one-hot allowlist
        assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0;
        always @* acl_oh_allowlist <= 32'h8312;
        // address check covers only SECURE_ME (0xF00), not its mirror at 0x800F00
        assign addr_auth = (address == 32'hF00) ? 1: 0;
        always @ (posedge clk or negedge rst_n)
            if (!rst_n)
            begin
                q <= 32'h0;
                data_out <= 32'h0;
            end
            else
            begin
                q <= (addr_auth & write_auth) ? data_in: q;
                data_out <= q;
            end
    endmodule
Informative · Verilog
    assign addr_auth = (address == 32'hF00) ? 1: 0;
Bad · Verilog
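As an added illustration of the register-mirror example and the single-choke-point mitigation above, here is a constructed Python model (not the page's Verilog and not MITRE's code) showing the vulnerable decoder beside a hardened one; the addresses and allowlist value are taken from the example, while the class and function names and the sample agent ids are assumptions.

```python
# Constructed software model of the CWE-288 mirrored-register example.
# 0xF00, 0x800F00 and the allowlist 0x8312 come from the page's Verilog;
# class/function names and the sample agent ids below are assumptions.

SECURE_ME = 0xF00             # primary, access-controlled address
COPY_OF_SECURE_ME = 0x800F00  # mirror address: the alternate path
ACL_OH_ALLOWLIST = 0x8312     # one-hot allowlist of agent ids allowed to write


def write_auth(incoming_id: int) -> bool:
    """Reduction-OR of (incoming_id & allowlist), as in the Verilog write_auth."""
    return (incoming_id & ACL_OH_ALLOWLIST) != 0


class VulnerableRegisterFile:
    """Enforces the allowlist only when the write arrives on the primary address."""

    def __init__(self) -> None:
        self.secure_me = 0

    def write(self, address: int, incoming_id: int, data: int) -> bool:
        if address == SECURE_ME:
            if not write_auth(incoming_id):
                return False
            self.secure_me = data
            return True
        if address == COPY_OF_SECURE_ME:  # mirror path: no ACL check at all
            self.secure_me = data
            return True
        return False


class HardenedRegisterFile:
    """Decodes every alias to one register and checks the ACL at that choke point."""

    ALIASES = {SECURE_ME, COPY_OF_SECURE_ME}

    def __init__(self) -> None:
        self.secure_me = 0

    def write(self, address: int, incoming_id: int, data: int) -> bool:
        if address not in self.ALIASES:
            return False
        if not write_auth(incoming_id):  # single check, whichever path was used
            return False
        self.secure_me = data
        return True


def mirror_bypasses_acl(regfile) -> bool:
    """Audit check: can an unlisted agent (id 0x1, constructed) change SECURE_ME via the mirror?"""
    before = regfile.secure_me
    regfile.write(COPY_OF_SECURE_ME, incoming_id=0x0001, data=0xDEAD)
    return regfile.secure_me != before
```

The audit function is the kind of check a design review would run over every alias of a protected resource: the vulnerable decoder fails it, the choke-point decoder passes.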
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-3214 | CAPTCHA - Moderately critical - Access bypass - SA-CONTRIB-2026-015 | CAPTCHA | 9.1 | - | 2026-03-25
CVE-2026-1917 | Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008 | Login Disable | 9.8 | - | 2026-03-25
CVE-2026-33315 | Vikunja has a 2FA Bypass via Caldav Basic Auth | vikunja | 5.3 | - | 2026-03-24
CVE-2026-23480 | Blinko: Low Privilege User Privilege Escalation - upsertUser Endpoint | blinko | 8.8 | - | 2026-03-23
CVE-2026-22733 | Authentication Bypass under Actuator CloudFoundry endpoints | Spring Security | 8.2 | High | 2026-03-19
CVE-2026-22731 | Authentication Bypass under Actuator Health groups paths | Spring Boot | 8.2 | High | 2026-03-19
CVE-2026-32031 | OpenClaw < 2026.2.26 - Authentication Bypass via Path Canonicalization Mismatch in /api/channels Gateway | OpenClaw | 4.8 | Medium | 2026-03-19
CVE-2026-32004 | OpenClaw < 2026.3.2 - Authentication Bypass via Encoded Path in /api/channels Route | OpenClaw | 6.5 | Medium | 2026-03-19
CVE-2026-25471 | WordPress Admin Safety Guard plugin <= 1.2.6 - Broken Authentication vulnerability | Admin Safety Guard | 8.1 | High | 2026-03-19
CVE-2026-32130 | ZITADEL SCIM Authentication Bypass via URL Encoding | zitadel | 7.5 | High | 2026-03-11
CVE-2026-0602 | Authentication Bypass Using an Alternate Path or Channel in GitLab | GitLab | 4.3 | Medium | 2026-03-11
CVE-2026-27842 | Micro Research MR-GM5L-S1 and Micro Research MR-GM5A-L1 security vulnerability | MR-GM5L-S1 | 9.1 (AI) | Critical (AI) | 2026-03-11
CVE-2026-26117 | Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability | Arc Enabled Servers - Azure Connected Machine Agent | 7.8 | High | 2026-03-10
CVE-2026-22572 | Fortinet FortiManager multiple products security vulnerability | FortiManager | 6.8 | High | 2026-03-10
CVE-2026-27390 | WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerability | WeDesignTech Ultimate Booking Addon | 8.8 | High | 2026-03-05
CVE-2026-27389 | WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerability | WeDesignTech Ultimate Booking Addon | 9.8 | Critical | 2026-03-05
CVE-2026-30777 | EC-CUBE security vulnerability | EC-CUBE 4.1 series | 7.2 | - | 2026-03-05
CVE-2026-20079 | Cisco Secure Firewall Management Center security vulnerability | Cisco Secure Firewall Management Center (FMC) | 10.0 | Critical | 2026-03-04
CVE-2026-2628 | All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login <= 2.2.5 - Authentication Bypass | All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login | 9.8 | Critical | 2026-03-03
CVE-2026-28411 | WeGIA Vulnerable to Authentication Bypass via `extract($_REQUEST)` | WeGIA | 9.8 | Critical | 2026-02-27
CVE-2026-27707 | Plex-configured Seerr instances vulnerable to unauthenticated account registration via Jellyfin authentication endpoint | seerr | 7.3 | High | 2026-02-27
CVE-2026-22205 | SPIP < 4.4.10 Authentication Bypass via PHP Type Juggling | SPIP | 7.5 | High | 2026-02-26
CVE-2026-1241 | Authentication Bypass Using an Alternate Path or Channel in Pelco, Inc. Sarix Pro 3 Series IP Cameras | Sarix Professional IMP 3 Series | 9.1 (AI) | Critical (AI) | 2026-02-26
CVE-2026-1779 | User Registration & Membership <= 5.1.2 - Authentication Bypass | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 8.1 | High | 2026-02-26
CVE-2026-1747 | Authentication Bypass Using an Alternate Path or Channel in GitLab | GitLab | 4.3 | Medium | 2026-02-25
CVE-2026-22341 | WordPress Booked plugin <= 3.0.0 - Account Takeover vulnerability | Booked | 6.7 | Medium | 2026-02-20
CVE-2025-68895 | WordPress AhaChat Messenger Marketing plugin <= 1.1 - Broken Authentication vulnerability | AhaChat Messenger Marketing | 6.5 | Medium | 2026-02-20
CVE-2025-67998 | WordPress Miraculous Elementor plugin <= 2.0.7 - Broken Authentication vulnerability | Miraculous Elementor | 8.8 | High | 2026-02-20
CVE-2026-2540 | Micca KE700 Acceptance of previously used rolling codes | Car Alarm System KE700 | 6.8 (AI) | Medium (AI) | 2026-02-15
CVE-2026-1618 | Admin Account Takeover in Universal Sotware's FlexCity/Kiosk | FlexCity/Kiosk | 8.8 | High | 2026-02-13

Vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) represent 439 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.