CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

521 vulnerabilities with CWE-288
CVE-2026-7567 CRITICAL
Temporary Login <= 1.0.0 - Authentication Bypass to Account Takeover
CVSS 9.8
CVE-2026-40022 HIGH
Apache Camel Platform HTTP Main: Authentication Bypass on Non-Root Context Paths in camel main runtime
CVSS 8.2
CVE-2026-40630 CRITICAL
SenseLive X3050 Authentication bypass using an alternate path or channel
CVSS 9.8
CVE-2026-41059 HIGH
OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex
CVSS 8.2
CVE-2026-6771 CRITICAL
Mitigation bypass in the DOM: Security component
CVSS 9.8
CVE-2026-6768 CRITICAL
Mitigation bypass in the Networking: Cookies component
CVSS 9.8
CVE-2026-6760 CRITICAL
Mitigation bypass in the Networking: Cookies component
CVSS 9.8
CVE-2026-40582 CRITICAL
ChurchCRM: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout
CVE-2026-3605 HIGH
Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service
CVSS 8.1
CVE-2026-3324 HIGH
Zohocorp ManageEngine Log360 < 13013 - Authentication Bypass
CVSS 8.2
CVE-2026-3461 CRITICAL
Visa Acceptance Solutions <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email
CVSS 9.8
CVE-2026-35664 MEDIUM
OpenClaw < 2026.3.25 - DM Pairing Bypass via Legacy Card Callbacks
CVSS 5.3
CVE-2026-35661 MEDIUM
OpenClaw < 2026.3.25 - Telegram DM-Scoped Inline Button Callback Authorization Bypass
CVSS 5.3
CVE-2026-35654 MEDIUM
OpenClaw < 2026.3.25 - Authorization Bypass in Microsoft Teams Feedback Invoke
CVSS 5.3
CVE-2026-35647 MEDIUM
OpenClaw < 2026.3.25 - Direct Message Policy Bypass via Verification Notices
CVSS 5.3
CVE-2026-35642 MEDIUM
OpenClaw < 2026.3.25 - Authorization Bypass in Group Reactions via requireMention Bypass
CVSS 4.3
CVE-2026-35634 MEDIUM
OpenClaw < 2026.3.23 - Authentication Bypass via Local-Direct Requests in Canvas Gateway
CVSS 5.1
CVE-2026-31271 CRITICAL
megagao production_ssm 1.0 - Auth Bypass
CVSS 9.8
CVE-2026-30079 CRITICAL
OpenAirInterface V2.2.0 AMF - Auth Bypass
CVSS 9.8
CVE-2026-31151 CRITICAL
Kaleris YMS 7.2.2.1 - Auth Bypass
CVSS 9.8
CVE-2026-5557 MEDIUM
badlogic pi-mono pi-mom Slack Bot slack.ts authentication bypass
CVSS 6.3
CVE-2026-34581 HIGH
goshs has Auth Bypass via Share Token
CVSS 8.1
CVE-2026-33950 CRITICAL
signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity
CVSS 9.4
CVE-2026-29139 CRITICAL
GINA State Confusion Account Takeover
CVSS 9.8
CVE-2026-34372 LOW
Sulu checks fix permissions for subentities endpoints
CVSS 2.7