CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

568 vulnerabilities with CWE-288
CVE-2026-42735 HIGH
WordPress KiviCare plugin <= 4.3.0 - Broken Authentication vulnerability
CVSS 8.2
CVE-2026-45217 MEDIUM
WordPress Stripe Payment Gateway for WooCommerce plugin <= 5.0.7 - Broken Authentication vulnerability
CVSS 6.5
CVE-2026-33843 CRITICAL
Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability
CVSS 9.1
CVE-2026-8598 CRITICAL
Unauthenticated Export Service in ZKTeco CCTV Cameras
CVSS 9.1
CVE-2026-24207 CRITICAL
Nvidia Triton Inference Server - Authentication Bypass Using an Alternate Path or Channel
CVSS 9.8
CVE-2026-24206 HIGH
Nvidia Triton Inference Server < r26.03 - Authentication Bypass Using an Alternate Path or Channel
CVSS 7.3
CVE-2026-4320 CRITICAL
Authorization Bypass in ICMS Content Management by Creartia Internet Consulting
CVE-2026-4524 MEDIUM
Authentication Bypass Using an Alternate Path or Channel in GitLab
CVSS 6.5
CVE-2026-45109 HIGH
Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
CVSS 7.5
CVE-2026-44575 HIGH
Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
CVSS 7.5
CVE-2026-44574 HIGH
Next.js: Middleware / Proxy bypass through dynamic route parameter injection
CVSS 8.1
CVE-2026-40621 CRITICAL
Elecom Co.,ltd. WRC-BE72XSD-B - Authentication Bypass Using an Alternate Path or Channel
CVSS 9.8
CVE-2026-42303 MEDIUM
Fides: Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection
CVE-2026-42300 CRITICAL
DevGuard: Unauthenticated identity assertion via `X-Admin-Token` header
CVE-2026-35422 MEDIUM
Microsoft Windows 10 Version 1607 - Windows TCP/IP Driver Security Feature Bypass Vulnerability
CVSS 6.5
CVE-2026-8321 HIGH
inkeep agents runAuth Middleware runAuth.ts createDevContext authentication bypass
CVSS 7.3
CVE-2026-41308 MEDIUM
Password Pusher: JSON API `/p.json` file upload alias bypasses file-push authentication
CVSS 6.5
CVE-2026-7458 CRITICAL
User Verification by PickPlugins <= 2.0.46 - Unauthenticated Authentication Bypass via OTP Verification REST API Endpoint
CVSS 9.8
CVE-2026-7567 CRITICAL
Temporary Login <= 1.0.0 - Authentication Bypass to Account Takeover
CVSS 9.8
CVE-2026-40022 HIGH
Apache Camel Platform HTTP Main: Authentication Bypass on Non-Root Context Paths in camel main runtime
CVSS 8.2
CVE-2026-40630 CRITICAL
SenseLive X3050 Authentication bypass using an alternate path or channel
CVSS 9.8
CVE-2026-41059 HIGH
OAuth2 Proxy 7.5.0-7.15.1 skip_auth Rules - Authentication Bypass
CVSS 8.2
CVE-2026-6771 CRITICAL
Mitigation bypass in the DOM: Security component
CVSS 9.8
CVE-2026-6768 CRITICAL
Mitigation bypass in the Networking: Cookies component
CVSS 9.8
CVE-2026-6760 CRITICAL
Mitigation bypass in the Networking: Cookies component
CVSS 9.8
Details
Vulnerabilities 568
Links
MITRE CWE Entry Search this CWE With Exploits