CWE-288 · Authentication Bypass Using an Alternate Path or Channel
587 CVEs classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-53576 | Critical | 10.0 | 2026-06-26 | Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/api/v1/**")) t… |
| CVE-2026-53622 | Critical | 10.0 | 2026-06-23 | Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration selection th… |
| CVE-2026-48491 | Critical | 10.0 | 2026-06-23 | Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection (SNI… |
| CVE-2026-48020 | Critical | 10.0 | 2026-06-23 | Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middle… |
| CVE-2026-20079 | Critical | 10.0 | 2026-03-04 | A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authen… |
| CVE-2024-11639 | Critical | 10.0 | 2024-12-10 | An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access |
| CVE-2024-10081 | Critical | 10.0 | 2024-11-06 | CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the A… |
| CVE-2024-2973 | Critical | 10.0 | 2024-06-27 | An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer a… |
| CVE-2024-2013 | Critical | 10.0 | 2024-06-11 | An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to in… |
| CVE-2024-1709 | Critical | 10.0 | 2024-02-21 | ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an atta… |
| CVE-2023-42770 | Critical | 10.0 | 2023-11-21 | Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP… |
| CVE-2026-10523 | Critical | 9.9 | 2026-06-09 | An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to… |
| CVE-2019-25763 | Critical | 9.8 | 2026-06-20 | WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by explo… |
| CVE-2026-49767 | Critical | 9.8 | 2026-06-17 | Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions. |
| CVE-2026-49764 | Critical | 9.8 | 2026-06-15 | Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions. |
| CVE-2025-41273 | Critical | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in… |
| CVE-2026-24207 | Critical | 9.8 | 2026-05-20 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability migh… |
| CVE-2026-40621 | Critical | 9.8 | 2026-05-13 | ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authenticatio… |
| CVE-2026-7458 | Critical | 9.8 | 2026-05-02 | The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to t… |
| CVE-2026-7567 | Critical | 9.8 | 2026-05-01 | The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation… |