CWE-288
AllowedAuthentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
1072 vulnerabilities reference this CWE, most recent first.
CVE-2026-20460 (GCVE-0-2026-20460)
Vulnerability from cvelistv5 – Published: 2026-07-01 03:14 – Updated: 2026-07-01 10:39- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6779 Affected: MT6781 Affected: MT6783 Affected: MT6785 Affected: MT6789 Affected: MT6813 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6858 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986D Affected: MT6988 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8765 Affected: MT8766 Affected: MT8766R Affected: MT8768 Affected: MT8771 Affected: MT8775 Affected: MT8781 Affected: MT8786 Affected: MT8788 Affected: MT8788E Affected: MT8789 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8796 Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T10:37:14.445048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T10:39:34.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6779"
},
{
"status": "affected",
"version": "MT6781"
},
{
"status": "affected",
"version": "MT6783"
},
{
"status": "affected",
"version": "MT6785"
},
{
"status": "affected",
"version": "MT6789"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6858"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986D"
},
{
"status": "affected",
"version": "MT6988"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8765"
},
{
"status": "affected",
"version": "MT8766"
},
{
"status": "affected",
"version": "MT8766R"
},
{
"status": "affected",
"version": "MT8768"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8775"
},
{
"status": "affected",
"version": "MT8781"
},
{
"status": "affected",
"version": "MT8786"
},
{
"status": "affected",
"version": "MT8788"
},
{
"status": "affected",
"version": "MT8788E"
},
{
"status": "affected",
"version": "MT8789"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8796"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01811421; Issue ID: MSV-6788."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T03:14:02.293Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/July-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20460",
"datePublished": "2026-07-01T03:14:02.293Z",
"dateReserved": "2025-11-03T01:30:59.014Z",
"dateUpdated": "2026-07-01T10:39:34.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20459 (GCVE-0-2026-20459)
Vulnerability from cvelistv5 – Published: 2026-07-01 03:14 – Updated: 2026-07-01 10:39- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2716
Affected: MT2735 Affected: MT2737 Affected: MT6739 Affected: MT6761 Affected: MT6762 Affected: MT6763 Affected: MT6765 Affected: MT6767 Affected: MT6768 Affected: MT6769 Affected: MT6771 Affected: MT6779 Affected: MT6781 Affected: MT6783 Affected: MT6785 Affected: MT6789 Affected: MT6813 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6858 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6881 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6982 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6986D Affected: MT6988 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8666 Affected: MT8667 Affected: MT8668 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8765 Affected: MT8766 Affected: MT8766R Affected: MT8768 Affected: MT8771 Affected: MT8775 Affected: MT8781 Affected: MT8786 Affected: MT8788 Affected: MT8788E Affected: MT8789 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8796 Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T10:37:31.607937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T10:39:19.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2716"
},
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6739"
},
{
"status": "affected",
"version": "MT6761"
},
{
"status": "affected",
"version": "MT6762"
},
{
"status": "affected",
"version": "MT6763"
},
{
"status": "affected",
"version": "MT6765"
},
{
"status": "affected",
"version": "MT6767"
},
{
"status": "affected",
"version": "MT6768"
},
{
"status": "affected",
"version": "MT6769"
},
{
"status": "affected",
"version": "MT6771"
},
{
"status": "affected",
"version": "MT6779"
},
{
"status": "affected",
"version": "MT6781"
},
{
"status": "affected",
"version": "MT6783"
},
{
"status": "affected",
"version": "MT6785"
},
{
"status": "affected",
"version": "MT6789"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6858"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6881"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6982"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6986D"
},
{
"status": "affected",
"version": "MT6988"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8666"
},
{
"status": "affected",
"version": "MT8667"
},
{
"status": "affected",
"version": "MT8668"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8765"
},
{
"status": "affected",
"version": "MT8766"
},
{
"status": "affected",
"version": "MT8766R"
},
{
"status": "affected",
"version": "MT8768"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8775"
},
{
"status": "affected",
"version": "MT8781"
},
{
"status": "affected",
"version": "MT8786"
},
{
"status": "affected",
"version": "MT8788"
},
{
"status": "affected",
"version": "MT8788E"
},
{
"status": "affected",
"version": "MT8789"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8796"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01816800; Issue ID: MSV-6842."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T03:14:00.977Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/July-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20459",
"datePublished": "2026-07-01T03:14:00.977Z",
"dateReserved": "2025-11-03T01:30:59.014Z",
"dateUpdated": "2026-07-01T10:39:19.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20079 (GCVE-0-2026-20079)
Vulnerability from cvelistv5 – Published: 2026-03-04 17:17 – Updated: 2026-03-05 14:06- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Secure Firewall Management Center (FMC) |
Affected:
7.0.0
Affected: 7.0.0.1 Affected: 7.0.1 Affected: 7.0.1.1 Affected: 7.0.2 Affected: 7.0.2.1 Affected: 7.0.3 Affected: 7.0.4 Affected: 7.0.5 Affected: 7.0.6 Affected: 7.0.6.1 Affected: 7.0.6.2 Affected: 7.0.6.3 Affected: 7.0.7 Affected: 7.0.8 Affected: 7.0.8.1 Affected: 7.1.0 Affected: 7.1.0.1 Affected: 7.1.0.2 Affected: 7.1.0.3 Affected: 7.2.0 Affected: 7.2.1 Affected: 7.2.2 Affected: 7.2.0.1 Affected: 7.2.3 Affected: 7.2.3.1 Affected: 7.2.4 Affected: 7.2.4.1 Affected: 7.2.5 Affected: 7.2.5.1 Affected: 7.2.6 Affected: 7.2.7 Affected: 7.2.5.2 Affected: 7.2.8 Affected: 7.2.8.1 Affected: 7.2.9 Affected: 7.2.10 Affected: 7.2.10.2 Affected: 7.2.10.1 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.3.1.1 Affected: 7.3.1.2 Affected: 7.4.0 Affected: 7.4.1 Affected: 7.4.1.1 Affected: 7.4.2 Affected: 7.4.2.1 Affected: 7.4.2.2 Affected: 7.4.2.3 Affected: 7.4.2.4 Affected: 7.4.3 Affected: 7.6.0 Affected: 7.6.1 Affected: 7.6.2 Affected: 7.6.2.1 Affected: 7.6.3 Affected: 7.7.0 Affected: 7.7.10 Affected: 7.7.10.1 Affected: 7.7.11 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T04:55:41.152638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:06:33.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Secure Firewall Management Center (FMC)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.0.1"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.1.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.0.2.1"
},
{
"status": "affected",
"version": "7.0.3"
},
{
"status": "affected",
"version": "7.0.4"
},
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "7.0.6"
},
{
"status": "affected",
"version": "7.0.6.1"
},
{
"status": "affected",
"version": "7.0.6.2"
},
{
"status": "affected",
"version": "7.0.6.3"
},
{
"status": "affected",
"version": "7.0.7"
},
{
"status": "affected",
"version": "7.0.8"
},
{
"status": "affected",
"version": "7.0.8.1"
},
{
"status": "affected",
"version": "7.1.0"
},
{
"status": "affected",
"version": "7.1.0.1"
},
{
"status": "affected",
"version": "7.1.0.2"
},
{
"status": "affected",
"version": "7.1.0.3"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.2.0.1"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.2.3.1"
},
{
"status": "affected",
"version": "7.2.4"
},
{
"status": "affected",
"version": "7.2.4.1"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "7.2.5.1"
},
{
"status": "affected",
"version": "7.2.6"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.2.5.2"
},
{
"status": "affected",
"version": "7.2.8"
},
{
"status": "affected",
"version": "7.2.8.1"
},
{
"status": "affected",
"version": "7.2.9"
},
{
"status": "affected",
"version": "7.2.10"
},
{
"status": "affected",
"version": "7.2.10.2"
},
{
"status": "affected",
"version": "7.2.10.1"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.3.1.1"
},
{
"status": "affected",
"version": "7.3.1.2"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.1.1"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "7.4.2.1"
},
{
"status": "affected",
"version": "7.4.2.2"
},
{
"status": "affected",
"version": "7.4.2.3"
},
{
"status": "affected",
"version": "7.4.2.4"
},
{
"status": "affected",
"version": "7.4.3"
},
{
"status": "affected",
"version": "7.6.0"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.6.2.1"
},
{
"status": "affected",
"version": "7.6.3"
},
{
"status": "affected",
"version": "7.7.0"
},
{
"status": "affected",
"version": "7.7.10"
},
{
"status": "affected",
"version": "7.7.10.1"
},
{
"status": "affected",
"version": "7.7.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system.\r\n\r This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T17:17:35.838Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-onprem-fmc-authbypass-5JPp45V2",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2"
}
],
"source": {
"advisory": "cisco-sa-onprem-fmc-authbypass-5JPp45V2",
"defects": [
"CSCwr96008"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20079",
"datePublished": "2026-03-04T17:17:35.838Z",
"dateReserved": "2025-10-08T11:59:15.363Z",
"dateUpdated": "2026-03-05T14:06:33.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12579 (GCVE-0-2026-12579)
Vulnerability from cvelistv5 – Published: 2026-07-01 05:22 – Updated: 2026-07-01 12:29- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T12:29:11.035257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T12:29:19.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AS228T",
"vendor": "deltaww",
"versions": [
{
"lessThanOrEqual": "1.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"value": "CNVD"
}
],
"datePublic": "2026-07-01T05:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "AS228T with Authentication Bypass Vulnerability"
}
],
"value": "AS228T with Authentication Bypass Vulnerability"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115: Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T05:22:38.951Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00012_AS228T%20Authentication%20Bypass%20Vulnerability%20(CVE-2026-12579).pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users are recommended to upgrade the firmware to v1.16 or later."
}
],
"value": "Users are recommended to upgrade the firmware to v1.16 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AS228T - Authentication Bypass Vulnerability",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2026-12579",
"datePublished": "2026-07-01T05:22:38.951Z",
"dateReserved": "2026-06-18T05:22:59.674Z",
"dateUpdated": "2026-07-01T12:29:19.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12225 (GCVE-0-2026-12225)
Vulnerability from cvelistv5 – Published: 2026-06-16 11:20 – Updated: 2026-06-21 07:37- CWE-288 - Authentication bypass using an alternate path or channel
| URL | Tags |
|---|---|
| https://marketplace.atlassian.com/apps/1214491/se… | product |
| https://syracom-bee.atlassian.net/wiki/spaces/SL/… | vendor-advisory |
| https://syracom-bee.atlassian.net/wiki/spaces/SL/… | mitigation |
| https://r.sec-consult.com/syracom | third-party-advisory |
| http://seclists.org/fulldisclosure/2026/Jun/16 |
| Vendor | Product | Version | |
|---|---|---|---|
| syracom AG | Secure Login (2FA) for Jira |
Affected:
3.4.0.0 , < 3.5.0.0
(custom)
|
|
| syracom AG | Secure Login (2FA) for Confluence |
Affected:
3.4.0.0 , < 3.5.0.0
(custom)
|
|
| syracom AG | Secure Login (2FA) for Bitbucket |
Affected:
3.4.0.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T12:05:55.723368Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T12:09:13.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-06-21T07:37:23.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2026/Jun/16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secure Login (2FA) for Jira",
"vendor": "syracom AG",
"versions": [
{
"lessThan": "3.5.0.0",
"status": "affected",
"version": "3.4.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Secure Login (2FA) for Confluence",
"vendor": "syracom AG",
"versions": [
{
"lessThan": "3.5.0.0",
"status": "affected",
"version": "3.4.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Secure Login (2FA) for Bitbucket",
"vendor": "syracom AG",
"versions": [
{
"status": "affected",
"version": "3.4.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Laurentius von Oppenkowski, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Timo M\u00fcller, SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containing specific strings such as AtlassianMobileApp or JIRA. When such a User-Agent is present, the plugin does not enforce the configured 2FA checks for protected web resources. Successful exploitation allows the attacker to access the affected Atlassian application as the compromised user without completing 2FA. If the compromised account has administrative privileges, the attacker can access administrative functionality and may disable the 2FA plugin or make arbitrary administrative changes. The issue is fixed in version 3.5.0.0."
}
],
"value": "syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containing specific strings such as AtlassianMobileApp or JIRA. When such a User-Agent is present, the plugin does not enforce the configured 2FA checks for protected web resources. Successful exploitation allows the attacker to access the affected Atlassian application as the compromised user without completing 2FA. If the compromised account has administrative privileges, the attacker can access administrative functionality and may disable the 2FA plugin or make arbitrary administrative changes. The issue is fixed in version 3.5.0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication bypass using an alternate path or channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T11:20:37.621Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"product"
],
"url": "https://marketplace.atlassian.com/apps/1214491/secure-login-2fa-for-confluence"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://syracom-bee.atlassian.net/wiki/spaces/SL/pages/4193255427/2026-05-11+-+Secure+Login+security+advisory+-+Broken+Access+Control"
},
{
"tags": [
"mitigation"
],
"url": "https://syracom-bee.atlassian.net/wiki/spaces/SL/pages/4230217729/Mobile+app+login+does+not+work+with+Secure+Login"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/syracom"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade Secure Login (2FA) for Jira, Confluence, and Bitbucket to version 3.5.0.0 or later."
}
],
"value": "Upgrade Secure Login (2FA) for Jira, Confluence, and Bitbucket to version 3.5.0.0 or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "syracom Secure Login (2FA) for Confluence allows 2FA bypass via spoofed User-Agent",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No workaround is required. The vendor provides a fixed version 3.5.0.0, which should be installed immediately."
}
],
"value": "No workaround is required. The vendor provides a fixed version 3.5.0.0, which should be installed immediately."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2026-12225",
"datePublished": "2026-06-16T11:20:37.621Z",
"dateReserved": "2026-06-14T15:35:21.997Z",
"dateUpdated": "2026-06-21T07:37:23.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10523 (GCVE-0-2026-10523)
Vulnerability from cvelistv5 – Published: 2026-06-09 14:16 – Updated: 2026-06-10 03:58- CWE-288 - Authentication bypass using an alternate path or channel
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10523",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T03:58:55.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Sentry",
"vendor": "ivanti",
"versions": [
{
"status": "unaffected",
"version": "R10.5.2"
},
{
"status": "unaffected",
"version": "R10.6.2"
},
{
"status": "unaffected",
"version": "R10.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Authentication Bypass vulnerability (CWE-288)\u0026nbsp;in Ivanti\u0026nbsp;Sentry before the\u0026nbsp;R10.5.2, R10.6.2 and R10.7.1\u0026nbsp;versions\u0026nbsp;allows\u0026nbsp;a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access\u0026nbsp;"
}
],
"value": "An Authentication Bypass vulnerability (CWE-288)\u00a0in Ivanti\u00a0Sentry before the\u00a0R10.5.2, R10.6.2 and R10.7.1\u00a0versions\u00a0allows\u00a0a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication bypass using an alternate path or channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:17:40.240Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2026-10523",
"datePublished": "2026-06-09T14:16:41.255Z",
"dateReserved": "2026-06-01T08:57:47.470Z",
"dateUpdated": "2026-06-10T03:58:55.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8990 (GCVE-0-2026-8990)
Vulnerability from cvelistv5 – Published: 2026-05-28 13:27 – Updated: 2026-05-28 15:14| URL | Tags |
|---|---|
| https://cert.pl/posts/2026/05/CVE-2026-8990 | third-party-advisory |
| https://kidsview.pl/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| View Concept | Kidsview |
Affected:
4.0.1 , < 4.4.3
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T15:12:50.115280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T15:14:26.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android",
"iOS"
],
"product": "Kidsview",
"vendor": "View Concept",
"versions": [
{
"lessThan": "4.4.3",
"status": "affected",
"version": "4.0.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jakub Lewandowski"
}
],
"datePublic": "2026-05-28T13:26:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA user with physical access to a smartphone can bypass\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthentication mechanism of \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eKidsview mobile application \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eand grant himself full access to the device owner\u0027s account by interacting with application\u0027s push notification.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003eThis issue was fixed in version 4.4.3"
}
],
"value": "A user with physical access to a smartphone can bypass\u00a0authentication mechanism of Kidsview mobile application and grant himself full access to the device owner\u0027s account by interacting with application\u0027s push notification.\n\nThis issue was fixed in version 4.4.3"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "PHYSICAL",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T13:27:00.417Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2026/05/CVE-2026-8990"
},
{
"tags": [
"product"
],
"url": "https://kidsview.pl/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass in Kidsview",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2026-8990",
"datePublished": "2026-05-28T13:27:00.417Z",
"dateReserved": "2026-05-19T13:13:51.711Z",
"dateUpdated": "2026-05-28T15:14:26.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8697 (GCVE-0-2026-8697)
Vulnerability from cvelistv5 – Published: 2026-05-28 15:45 – Updated: 2026-05-29 03:55- CWE-288 - Authentication bypass using an alternate path or channel
| URL | Tags |
|---|---|
| https://www.tp-link.com/en/support/download/arche… | patch |
| https://www.tp-link.com/us/support/faq/5105/ | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link Systems Inc. | Archer C64 v1.0 |
Affected:
0 , < 1.15.0 Build 250729 Rel.63489n(4555)
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8697",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T03:55:51.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer C64 v1.0",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.15.0 Build 250729 Rel.63489n(4555)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tanjim Kamal"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH.\n\u003cbr\u003eSuccessful exploitation could allow an attacker with adjacent network access to obtain administrative credentials through unrestricted authentication attempts and subsequently gain full administrative access to the device, impacting system confidentiality, integrity, and availability.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH.\n\nSuccessful exploitation could allow an attacker with adjacent network access to obtain administrative credentials through unrestricted authentication attempts and subsequently gain full administrative access to the device, impacting system confidentiality, integrity, and availability."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication bypass using an alternate path or channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T15:45:20.971Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-c64/v1/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/5105/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Authentication Rate Limiting on TP-Link\u0027s Archer C64",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-8697",
"datePublished": "2026-05-28T15:45:20.971Z",
"dateReserved": "2026-05-15T16:35:09.352Z",
"dateUpdated": "2026-05-29T03:55:51.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8598 (GCVE-0-2026-8598)
Vulnerability from cvelistv5 – Published: 2026-05-20 14:53 – Updated: 2026-05-20 15:27| Vendor | Product | Version | |
|---|---|---|---|
| ZKTeco | SSC335-GC2063-Face-0b77 Solution Camera |
Affected:
0 , < V5.0.1.2.20260421
(custom)
Unaffected: V5.0.1.2.20260421 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T15:27:20.433318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T15:27:49.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SSC335-GC2063-Face-0b77 Solution Camera",
"vendor": "ZKTeco",
"versions": [
{
"lessThan": "V5.0.1.2.20260421",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "V5.0.1.2.20260421"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar reported this vulnerability to CISA."
}
],
"datePublic": "2026-05-20T02:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An undocumented configuration export port is accessible on some models \nof ZKTeco CCTV cameras. This port does not require authentication and \nexposes critical information about the camera such as open services and \ncamera account credentials."
}
],
"value": "An undocumented configuration export port is accessible on some models \nof ZKTeco CCTV cameras. This port does not require authentication and \nexposes critical information about the camera such as open services and \ncamera account credentials."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T14:53:48.861Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zkteco.com/en/announcement/23"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-04"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-04.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ZKTeco has patched this vulnerability in firmware version V5.0.1.2.20260421. ZKTeco recommends that users upgrade to firmware version V5.0.1.2.20260421 or later at their earliest opportunity."
}
],
"value": "ZKTeco has patched this vulnerability in firmware version V5.0.1.2.20260421. ZKTeco recommends that users upgrade to firmware version V5.0.1.2.20260421 or later at their earliest opportunity."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please see the security advisory from ZKTeco here: https://www.zkteco.com/en/announcement/23 for further information.\u003cbr\u003e\u003ca href=\"https://www.zkteco.com/en/announcement/23\"\u003ehttps://www.zkteco.com/en/announcement/23\u003c/a\u003e"
}
],
"value": "Please see the security advisory from ZKTeco here: https://www.zkteco.com/en/announcement/23 for further information.\n https://www.zkteco.com/en/announcement/23"
}
],
"source": {
"advisory": "ICSA-26-139-04",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Export Service in ZKTeco CCTV Cameras",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-8598",
"datePublished": "2026-05-20T14:53:48.861Z",
"dateReserved": "2026-05-14T14:10:56.160Z",
"dateUpdated": "2026-05-20T15:27:49.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8321 (GCVE-0-2026-8321)
Vulnerability from cvelistv5 – Published: 2026-05-11 19:45 – Updated: 2026-05-12 12:59| URL | Tags |
|---|---|
| https://vuldb.com/vuln/362608 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/362608/cti | signaturepermissions-required |
| https://vuldb.com/submit/811314 | third-party-advisory |
| https://github.com/inkeep/agents/issues/3024 | exploitissue-tracking |
| https://github.com/inkeep/agents/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8321",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T12:59:33.001542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:59:42.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"runAuth Middleware"
],
"product": "agents",
"vendor": "inkeep",
"versions": [
{
"status": "affected",
"version": "0.58.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-d (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is possible to be carried out remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Authentication Bypass Using Alternate Channel",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T19:45:08.634Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-362608 | inkeep agents runAuth Middleware runAuth.ts createDevContext authentication bypass",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/362608"
},
{
"name": "VDB-362608 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/362608/cti"
},
{
"name": "Submit #811314 | inkeep agents 0.58.14 Authentication Bypass (CWE-288)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/811314"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/inkeep/agents/issues/3024"
},
{
"tags": [
"product"
],
"url": "https://github.com/inkeep/agents/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-11T15:41:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "inkeep agents runAuth Middleware runAuth.ts createDevContext authentication bypass"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8321",
"datePublished": "2026-05-11T19:45:08.634Z",
"dateReserved": "2026-05-11T13:36:22.325Z",
"dateUpdated": "2026-05-12T12:59:42.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.