CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class, 439 CVEs

439 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI Chinese analysis included.

CWE-288 represents a critical authentication weakness where a system enforces security controls on primary interfaces while neglecting them on alternate paths or channels. Attackers typically exploit this by identifying overlooked entry points, such as administrative APIs, debug endpoints, or legacy protocols, which lack proper credential verification. By bypassing the main authentication gate, adversaries gain unauthorized access to sensitive data or functionality without needing valid credentials. To mitigate this risk, developers must adopt a comprehensive security architecture that treats all access channels equally. This involves implementing centralized authentication mechanisms across every interface, conducting rigorous code reviews to identify hidden endpoints, and performing thorough penetration testing that specifically targets non-standard access routes. Ensuring consistent security policies prevents attackers from exploiting these structural gaps to compromise system integrity.

MITRE CWE Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Common Consequences (1)
Access Control: Bypass Protection Mechanism

Mitigations (1)
Architecture and Design: Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

Examples (1)
Register SECURE_ME is located at address 0xF00. A mirror of this register called COPY_OF_SECURE_ME is at location 0x800F00. The register SECURE_ME is protected from malicious agents and only allows access to select agents, while COPY_OF_SECURE_ME is not. Access control is implemented using an allowlist (as indicated by a…
module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);
  output [31:0] data_out;
  input  [31:0] data_in, incoming_id, address;
  input  clk, rst_n;
  wire write_auth, addr_auth;
  reg [31:0] data_out, acl_oh_allowlist, q;

  // A write is authorised when the requester's one-hot ID hits the allowlist
  assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0;
  always @* acl_oh_allowlist <= 32'h8312;

  // The address check recognises only the primary address of SECURE_ME;
  // the mirror at 0x800F00 is never considered, so it is never gated
  assign addr_auth = (address == 32'hF00) ? 1 : 0;

  // Register update: both the address and the requester must be authorised
  always @ (posedge clk or negedge rst_n)
    if (!rst_n)
      begin
        q <= 32'h0;
        data_out <= 32'h0;
      end
    else
      begin
        q <= (addr_auth & write_auth) ? data_in : q;
        data_out <= q;
      end
endmodule
Informative · Verilog

assign addr_auth = (address == 32'hF00) ? 1 : 0;
Bad · Verilog
CVE ID | Title — Product | CVSS | Severity | Published
CVE-2020-37156 | BloodX 1.0 - Authentication Bypass — BloodX | 6.5 | Medium | 2026-02-11
CVE-2026-1603 | Ivanti Endpoint Manager Security Vulnerability — Endpoint Manager | 8.6 | High | 2026-02-10
CVE-2026-2096 | Flowring|Agentflow - Missing Authentication — Agentflow | 9.8 | Critical | 2026-02-10
CVE-2026-2095 | Flowring|Agentflow - Authentication Bypass — Agentflow | 9.8 | Critical | 2026-02-10
CVE-2026-0948 | Microsoft Entra ID SSO Login - Critical - Access bypass - SA-CONTRIB-2026-005 — Microsoft Entra ID SSO Login | 9.8 (AI) | Critical (AI) | 2026-02-04
CVE-2025-13986 | Disable Login Page - Critical - Access bypass - SA-CONTRIB-2025-124 — Disable Login Page | 9.8 (AI) | Critical (AI) | 2026-01-28
CVE-2025-13980 | CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118 — CKEditor 5 Premium Features | 9.8 (AI) | Critical (AI) | 2026-01-28
CVE-2025-21589 | Session Smart Router, Session Smart Conductor, WAN Assurance Router: API Authentication Bypass vulnerability — Session Smart Router | 9.8 | Critical | 2026-01-27
CVE-2026-24858 | Multiple Fortinet Products Security Vulnerability — FortiOS | 9.4 | Critical | 2026-01-27
CVE-2025-69101 | WordPress Workreap Core plugin <= 3.4.1 - Broken Authentication vulnerability — Workreap Core | 9.8 | Critical | 2026-01-22
CVE-2026-23760 | SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API — SmarterMail | 9.8 (AI) | Critical (AI) | 2026-01-22
CVE-2025-10484 | Registration & Login with Mobile Phone Number for WooCommerce <= 1.3.1 - Authentication Bypass — Registration & Login with Mobile Phone Number for WooCommerce | 9.8 | Critical | 2026-01-17
CVE-2025-67915 | WordPress Timetics plugin <= 1.0.46 - Broken Authentication vulnerability — Timetics | 8.8 | High | 2026-01-08
CVE-2025-23504 | WordPress Felan Framework plugin <= 1.1.3 - Account Takeover vulnerability — Felan Framework | 9.8 | Critical | 2026-01-08
CVE-2026-21411 | Plat’Home OpenBlocks IoT VX2 Security Vulnerability — OpenBlocks IoT DX1 (FW5.0.x) | 9.8 | - | 2026-01-06
CVE-2025-3652 | Petlibro Smart Pet Feeder Platform through 1.7.31 Audio Information Disclosure via API endpoint — Smart Pet Feeder Platform | 5.3 | Medium | 2026-01-03
CVE-2025-64121 | Nuvation Energy Multi-Stack Controller Authentication Bypass — Multi-Stack Controller (MSC) | 9.8 | - | 2026-01-02
CVE-2025-68620 | Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling — signalk-server | 9.1 | Critical | 2026-01-01
CVE-2025-15102 | DVP-12SE11T - Password Protection Bypass — DVP-12SE11T | 9.1 | Critical | 2025-12-30
CVE-2025-68860 | WordPress Mobile builder plugin <= 1.4.2 - Broken Authentication vulnerability — Mobile builder | 9.8 | Critical | 2025-12-29
CVE-2025-64236 | WordPress Tuturn plugin < 3.6 - Broken Authentication vulnerability — Tuturn | 9.8 | Critical | 2025-12-18
CVE-2025-14714 | TCC Bypass via Inherited Permissions in Bundled Interpreter — LibreOffice | 9.8 (AI) | Critical (AI) | 2025-12-15
CVE-2025-11984 | Authentication Bypass Using an Alternate Path or Channel in GitLab — GitLab | 6.8 | Medium | 2025-12-11
CVE-2025-66238 | Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel — DCIM dcTrack | 7.2 | High | 2025-12-04
CVE-2025-13539 | FindAll Membership <= 1.0.4 - Authentication Bypass via Social Login — FindAll Membership | 9.8 | Critical | 2025-11-27
CVE-2025-10571 | ABB Ability Edgenius Authentication Bypass — ABB Ability Edgenius | 9.6 | Critical | 2025-11-20
CVE-2025-12760 | Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115 — Email TFA | 9.8 (AI) | Critical (AI) | 2025-11-18
CVE-2025-64530 | @apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields — federation | 7.5 | High | 2025-11-13
CVE-2025-59367 | ASUS DSL-AC51 Security Vulnerability — DSL-AC51 | 9.8 | - | 2025-11-13
CVE-2025-64173 | Apollo Router Core: Access Control Bypass on Polymorphic Types — router | 7.5 | High | 2025-11-06

Values marked (AI) carry the page's "AI" tag on that score or severity; "-" means no severity was given.

Vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) represent 439 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.