CWE-288 · Authentication Bypass Using an Alternate Path or Channel

587 CVEs classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel). Browse by severity and year.

Top CVEs for CWE-288
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-53576 | Critical | 10.0 | 2026-06-26 | Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/api/v1/**")) t… |
| CVE-2026-53622 | Critical | 10.0 | 2026-06-23 | Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration selection th… |
| CVE-2026-48491 | Critical | 10.0 | 2026-06-23 | Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection (SNI… |
| CVE-2026-48020 | Critical | 10.0 | 2026-06-23 | Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middle… |
| CVE-2026-20079 | Critical | 10.0 | 2026-03-04 | A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authen… |
| CVE-2024-11639 | Critical | 10.0 | 2024-12-10 | An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access |
| CVE-2024-10081 | Critical | 10.0 | 2024-11-06 | CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the A… |
| CVE-2024-2973 | Critical | 10.0 | 2024-06-27 | An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer a… |
| CVE-2024-2013 | Critical | 10.0 | 2024-06-11 | An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to in… |
| CVE-2024-1709 | Critical | 10.0 | 2024-02-21 | ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an atta… |
| CVE-2023-42770 | Critical | 10.0 | 2023-11-21 | Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP… |
| CVE-2026-10523 | Critical | 9.9 | 2026-06-09 | An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to… |
| CVE-2019-25763 | Critical | 9.8 | 2026-06-20 | WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by explo… |
| CVE-2026-49767 | Critical | 9.8 | 2026-06-17 | Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions. |
| CVE-2026-49764 | Critical | 9.8 | 2026-06-15 | Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions. |
| CVE-2025-41273 | Critical | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in… |
| CVE-2026-24207 | Critical | 9.8 | 2026-05-20 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability migh… |
| CVE-2026-40621 | Critical | 9.8 | 2026-05-13 | ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authenticatio… |
| CVE-2026-7458 | Critical | 9.8 | 2026-05-02 | The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to t… |
| CVE-2026-7567 | Critical | 9.8 | 2026-05-01 | The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation… |