CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

568 vulnerabilities with CWE-288
CVE-2026-25035 CRITICAL
WordPress Contest Gallery plugin <= 28.1.2.2 - Account Takeover vulnerability
CVSS 9.8
CVE-2026-25002 HIGH
WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability
CVSS 7.5
CVE-2026-24359 HIGH
WordPress Dokan plugin <= 4.2.4 - Broken Authentication vulnerability
CVSS 8.8
CVE-2026-3214 MEDIUM
CAPTCHA - Moderately critical - Access bypass - SA-CONTRIB-2026-015
CVSS 6.5
CVE-2026-1917 MEDIUM
Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008
CVSS 4.3
CVE-2026-33315 MEDIUM
Vikunja <2.2.0 CalDAV Basic Auth - Two-Factor Authentication Bypass
CVSS 4.3
CVE-2026-4700 CRITICAL
Mitigation bypass in the Networking: HTTP component
CVSS 9.8
CVE-2026-23480 HIGH
Blinko: Low Privilege User Privilege Escalation - upsertUser Endpoint
CVSS 8.8
CVE-2026-22733 HIGH
Authentication Bypass under Actuator CloudFoundry endpoints
CVSS 8.2
CVE-2026-22731 HIGH
Authentication Bypass under Actuator Health groups paths
CVSS 8.2
CVE-2026-32031 MEDIUM
OpenClaw < 2026.2.26 - Authentication Bypass via Path Canonicalization Mismatch in /api/channels Gateway
CVSS 4.8
CVE-2026-32004 MEDIUM
OpenClaw < 2026.3.2 - Authentication Bypass via Encoded Path in /api/channels Route
CVSS 6.5
CVE-2026-25471 HIGH
WordPress Admin Safety Guard plugin <= 1.2.6 - Broken Authentication vulnerability
CVSS 8.1
CVE-2026-3930 MEDIUM
Google Chrome iOS <146.0.7680.71 - Auth Bypass
CVSS 5.3
CVE-2026-32130 HIGH
ZITADEL 2.68.0-3.4.7/4.12.0-4.12.1 - Auth Bypass
CVSS 7.5
CVE-2026-0602 MEDIUM
GitLab 15.6-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - Authenticated Metadata Disclosure via Snippet Rendering
CVSS 4.3
CVE-2026-27842 CRITICAL
MR-GM5L-S1 & MR-GM5A-L1 - Auth Bypass
CVSS 9.8
CVE-2026-26117 HIGH
Azure Windows Virtual Machine Agent - Privilege Escalation
CVSS 7.8
CVE-2026-22572 HIGH
Fortinet FortiAnalyzer 7.6.0-7.6.3 - Auth Bypass
CVSS 7.2
CVE-2026-30777 MEDIUM
EC-CUBE 4.1.0-4.1.1 - Multi-Factor Authentication Bypass
CVSS 6.5
CVE-2026-27390 HIGH
WeDesignTech Ultimate Booking Addon <=1.0.1 - Auth Bypass
CVSS 8.8
CVE-2026-27389 CRITICAL
WeDesignTech Ultimate Booking Addon <=1.0.1 - Auth Bypass
CVSS 9.8
CVE-2026-20079 CRITICAL
Cisco Secure Firewall Management Center - Auth Bypass & RCE via Crafted HTTP Requests
CVSS 10.0
CVE-2026-2628 CRITICAL
All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login <2.2.5 - Authentication Bypass
CVSS 9.8
CVE-2026-28411 CRITICAL
WeGIA < 3.6.5 - Unauthenticated PHP Variable Overwrite via extract() on $_REQUEST
CVSS 9.8