CWE-602

Medium likelihood

Client-Side Enforcement of Server-Side Security

Parent: CWE-693 - Protection Mechanism Failure

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

118 vulnerabilities with CWE-602
CVE-2026-11287 MEDIUM
Google Chrome - Improper Input Validation
CVSS 6.5
CVE-2026-11267 MEDIUM
Google Chrome < 149.0.7827.53 - Content Security Policy Bypass via Malicious Extension
CVSS 4.3
CVE-2026-11236 HIGH
Google Chrome < 149.0.7827.53 - Sandbox Escape via Web Bluetooth Policy Bypass
CVSS 8.3
CVE-2026-11184 MEDIUM
Google Chrome < 149.0.7827.53 - Navigation Restriction Bypass via Crafted HTML Page
CVSS 6.3
CVE-2026-11092 HIGH
Google Chrome - Privilege Escalation
CVSS 8.8
CVE-2026-11062 MEDIUM
Google Chrome < 149.0.7827.53 - Script Injection via Malicious Extension
CVSS 4.3
CVE-2026-11025 MEDIUM
Google Chrome < 149.0.7827.53 - Content Security Policy Bypass via Navigation
CVSS 6.5
CVE-2026-11018 MEDIUM
Google Chrome < 149.0.7827.53 - Navigation Restriction Bypass via Crafted HTML Page
CVSS 6.5
CVE-2026-11014 MEDIUM
Google Chrome < 149.0.7827.53 - Site Isolation Bypass via Malicious Extension
CVSS 6.5
CVE-2026-11011 HIGH
Google Chrome < 149.0.7827.53 - Insufficient Policy Enforcement in Password Manager
CVSS 8.1
CVE-2026-42329 MEDIUM
IRIS <2.4.28 - Open Redirect
CVSS 4.7
CVE-2026-44567 HIGH
Open WebUI: Open WebUI Improper Authorization Control
CVSS 7.3
CVE-2026-42266 HIGH
jupyterlab: Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request.
CVSS 8.8
CVE-2026-42160 CRITICAL
Data Space Portal: Incorrect Authorization and Client-Side Enforcement of Server-Side Security in ghcr.io/sovity/ds-portal-ce-backend
CVE-2026-5901 MEDIUM
Google Chrome <147.0.7727.55 - Policy Enforcement Bypass
CVSS 6.5
CVE-2026-39415 MEDIUM
Frappe Learning Management System has Client-Side Manipulation of Quiz Scores
CVSS 4.3
CVE-2026-30522 MEDIUM
SourceCodester Loan Management System 1.0 - Business Logic
CVSS 6.5
CVE-2026-30521 MEDIUM
SourceCodester Loan Management System 1.0 - Business Logic
CVSS 6.5
CVE-2026-3941 MEDIUM
Google Chrome <146.0.7680.71 - Auth Bypass
CVSS 4.3
CVE-2026-30933 HIGH
FileBrowser Quantum <1.3.1-beta/1.2.2-stable - Info Disclosure
CVSS 7.5
CVE-2026-25737 HIGH
Budibase <=3.24.0 - Arbitrary File Upload
CVSS 8.9
CVE-2026-29077 HIGH
Frappe <15.98.0/14.100.0 - Privilege Escalation
CVSS 7.1
CVE-2026-30783 CRITICAL
RustDesk Client <=1.4.5 - Privilege Escalation
CVSS 9.8
CVE-2026-23859 LOW
Dell Wyse Management Suite <5.5 - Auth Bypass
CVSS 2.7
CVE-2026-0808 MEDIUM
Spin Wheel <= 2.1.0 - Unauthenticated Prize Manipulation via Prize Index
CVSS 5.3