type:auth-bypass: 1749 tagged CVE vulnerabilities

1749 CVE security advisories tagged "type:auth-bypass" with AI Chinese analysis, CVSS, references and POCs.

The tag "type:auth-bypass" identifies vulnerabilities where attackers circumvent authentication mechanisms to gain unauthorized access to protected resources. This class of flaws is critical because it undermines the fundamental integrity of access controls, allowing malicious actors to assume legitimate user identities or access administrative functions without valid credentials. Typical scenarios include improper validation of session tokens, logic errors in multi-factor authentication workflows, or the exploitation of weak cryptographic implementations that allow password guessing or token forgery. With 1739 associated CVEs, this widespread issue highlights persistent challenges in secure coding practices. Successful exploitation often leads to data breaches, privilege escalation, and complete system compromise, making the remediation of authentication bypasses a priority for security teams aiming to maintain robust perimeter defenses and protect sensitive organizational data from external threats.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41070 | openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access | openvpn-auth-oauth2 | CWE-287 | 10.0 | Critical | 2026-05-08 |
| CVE-2026-41308 | Password Pusher: JSON API `/p.json` file upload alias bypasses file-push authentication | PasswordPusher | CWE-288 | 6.5 | Medium | 2026-05-08 |
| CVE-2023-46453 | GL.iNet Router security vulnerability | n/a | - | - | - | 2026-05-08 |
| CVE-2026-6736 | Authentication bypass vulnerability in GitHub Enterprise Server allowed creation of local user accounts bypassing the configured external identity provider | Enterprise Server | CWE-306 | - | - | 2026-05-07 |
| CVE-2026-42010 | Gnutls: gnutls: authentication bypass via nul character in username | Red Hat Enterprise Linux 10 | - | 7.1 | High | 2026-05-07 |
| CVE-2026-41891 | CI4MS: Deactivated User Session Bypass (active=0) | ci4ms | CWE-613 | - | - | 2026-05-07 |
| CVE-2026-41671 | Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation | admidio | CWE-287 | 6.8 | Medium | 2026-05-07 |
| CVE-2026-44109 | OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation | OpenClaw | CWE-1188 | 9.8 | Critical | 2026-05-06 |
| CVE-2026-43575 | OpenClaw 2026.2.21 < 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper Route | OpenClaw | CWE-862 | 9.8 | Critical | 2026-05-06 |
| CVE-2026-34474 | ZTE ZXHN router credential disclosure vulnerability | n/a | - | - | - | 2026-05-06 |
| CVE-2026-27960 | OpenCTI privilege escalation and unauthenticated access via default admin account | opencti | CWE-287 | 9.8 | Critical | 2026-05-05 |
| CVE-2026-43569 | OpenClaw < 2026.4.9 - Untrusted Provider Plugin Auto-enablement via Workspace Provider Auth | OpenClaw | CWE-829 | 8.8 | High | 2026-05-05 |
| CVE-2025-42611 | Improper certificate validation in multiple RouterOS services | RouterOS | CWE-295 | 6.5 | Medium | 2026-05-05 |
| CVE-2026-5722 | MoreConvert Pro <= 1.9.14 - Authentication Bypass via Waitlist Guest Verification Token Reuse | MoreConvert Pro | CWE-287 | 9.8 | Critical | 2026-05-05 |
| CVE-2026-0073 | Android adbd wireless ADB authentication bypass leading to remote code execution | Android | - | 8.8 (AI) | High (AI) | 2026-05-04 |
| CVE-2026-32834 | Easy PayPal Events & Tickets 1.3 Authentication Bypass via QR Code Scanning | easy-paypal-events-tickets | CWE-798 | 7.5 | High | 2026-05-04 |
| CVE-2026-42084 | OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence | cosmos | CWE-620 | 8.1 | High | 2026-05-04 |
| CVE-2026-33006 | Apache HTTP Server: mod_auth_digest timing attack | Apache HTTP Server | CWE-208 | 8.1 (AI) | High (AI) | 2026-05-04 |
| CVE-2026-7723 | PrefectHQ prefect WebSocket Endpoint in missing authentication | prefect | CWE-306 | 7.3 | High | 2026-05-04 |
| CVE-2026-42365 | GeoVision LPC2011/LPC2211 Web Interface guessable session cookie vulnerability | GV-LPC2011/LPC2211 | CWE-341 | 8.6 | High | 2026-05-04 |
| CVE-2026-7710 | YunaiV yudao-cloud Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java doFilterInternal improper authentication | yudao-cloud | CWE-287 | 7.3 | High | 2026-05-03 |
| CVE-2026-7709 | janeczku Calibre-Web Endpoint kobo_auth.py generate_auth_token improper authorization | Calibre-Web | CWE-285 | 6.3 | Medium | 2026-05-03 |
| CVE-2026-7679 | YunaiV yudao-cloud OAuth2TokenServiceImpl.java getAccessToken improper authentication | yudao-cloud | CWE-287 | 7.3 | High | 2026-05-03 |
| CVE-2026-7630 | innocommerce InnoShop Installation Endpoint InstallServiceProvider.php boot improper authentication | InnoShop | CWE-287 | 7.3 | High | 2026-05-02 |
| CVE-2026-7458 | User Verification by PickPlugins <= 2.0.46 - Unauthenticated Authentication Bypass via OTP Verification REST API Endpoint | User Verification by PickPlugins | CWE-288 | 9.8 | Critical | 2026-05-02 |
| CVE-2026-31717 | ksmbd: validate owner of durable handle on reconnect | Linux | - | 8.8 | High | 2026-05-01 |
| CVE-2026-7567 | Temporary Login <= 1.0.0 - Authentication Bypass to Account Takeover | Temporary Login | CWE-288 | 9.8 | Critical | 2026-05-01 |
| CVE-2026-40912 | Traefik: StripPrefixRegex auth bypass via Path/RawPath desync | traefik | CWE-706 | 8.2 (AI) | High (AI) | 2026-04-30 |
| CVE-2026-39858 | Traefik: Forwarded alias spoofing top pre-auth decision bypass | traefik | CWE-290 | 9.8 (AI) | Critical (AI) | 2026-04-30 |
| CVE-2026-35051 | Traefik: ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass auth | traefik | CWE-345 | 9.1 (AI) | Critical (AI) | 2026-04-30 |

Vulnerabilities classified as type:auth-bypass represent 1749 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.