CWE-441
Unintended Proxy or Intermediary ('Confused Deputy')
The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.
92 vulnerabilities with CWE-441
CVE ID | Severity | CVSS | Title
CVE-2026-9595 | MEDIUM | CVSS 5.3 | webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies
CVE-2026-44494 | HIGH | CVSS 8.7 | Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`
CVE-2026-49821 | HIGH | CVSS 7.7 | Fission < 1.24.0 Package Builder - Command Execution via Environment Reference
CVE-2026-36608 | HIGH | CVSS 8.8 | Mercusys AC12G (EU) V1 Firmware AC12G(EU)_V1_200909 - Unauthenticated UPnP Port Forwarding to Admin Interface
CVE-2026-0098 | HIGH | CVSS 7.8 | Google Android - Unintended Proxy or Intermediary ('Confused Deputy')
CVE-2026-48522 | MEDIUM | CVSS 4.2 | PyJWKClient: missing scheme allowlist enables SSRF + token forgery via file://, ftp://, data: schemes
CVE-2026-3160 | MEDIUM | CVSS 5.8 | Unintended Proxy or Intermediary ('Confused Deputy') in GitLab
CVE-2026-45003 | MEDIUM | CVSS 5.0 | OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files
CVE-2026-44992 | MEDIUM | CVSS 5.0 | OpenClaw 2026.4.5 < 2026.4.20 - MiniMax API Host Override via Workspace dotenv
CVE-2026-42313 | HIGH | CVSS 8.3 | pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy
CVE-2026-45182 | LOW | CVSS 2.2 | GrapheneOS < 2026050400 - VPN IP Address Leak via QuicConnectionClosePayload Optimization
CVE-2026-7381 | CRITICAL | CVSS 9.1 | Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting
CVE-2026-41365 | MEDIUM | CVSS 5.4 | OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Graph API Thread History
CVE-2026-6993 | MEDIUM | CVSS 5.3 | go-kratos http.DefaultServeMux Fallback server.go NewServer confused deputy
CVE-2026-42043 | HIGH | CVSS 7.2 | Axios <1.15.1, <0.31.1 - Auth Bypass
CVE-2026-23751 | CRITICAL | CVSS 9.8 | Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting
CVE-2026-39906 | CRITICAL | CVSS 10.0 | Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via .NET Remoting
CVE-2026-39961 | MEDIUM | CVSS 6.8 | Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource
CVE-2026-27124 | MEDIUM | CVSS 6.1 | FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities
CVE-2026-33768 | MEDIUM | CVSS 6.5 | Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`
CVE-2026-0107 | HIGH | CVSS 8.4 | gmc_ddr_handle_mba_mr_req - Privilege Escalation
CVE-2026-30225 | MEDIUM | CVSS 5.3 | OliveTin <3000.11.1 - Privilege Escalation
CVE-2026-0021 | HIGH | CVSS 8.4 | AppInfoBase.java - Privilege Escalation
CVE-2026-0013 | HIGH | CVSS 8.4 | Android - Local Privilege Escalation via DocumentsUI PickActivity Confused Deputy
CVE-2026-0008 | HIGH | CVSS 8.4 | Android - Privilege Escalation via Confused Deputy