Tag: auth-bypass
All items tagged auth-bypass.
- CVE-2026-0257 — Palo Alto Networks PAN-OS GlobalProtect: authentication bypass under active exploitation
- CVE-2026-25089 / CVE-2026-39808 / CVE-2026-39813 — FortiSandbox: three critical flaws exploited in one 24-hour window
- CVE-2026-50751 — Check Point Security Gateway IKEv1 VPN authentication bypass: public PoC, Qilin affiliate use
- CVE-2026-20181 / CVE-2026-20190 — Cisco Identity Services Engine: unauthenticated credential read chaining to root command execution
- CVE-2026-0647 et al. — Rockwell Automation FLEX I/O unauthenticated password reset (9.4) and Logix CIP DoS, flagged by NCSC-CH
- CVE-2026-20181 / CVE-2026-20190 — Cisco Identity Services Engine: unauthenticated credential read chaining to authenticated root command execution
- CVE-2026-0647 et al. — Rockwell Automation FLEX I/O unauthenticated password reset (CVSS 9.4) and Logix CIP denial-of-service, flagged by NCSC-CH
- BSI flags 13 vulnerabilities patched in Zammad 7.1 — admin privilege escalation in a DACH public-sector helpdesk platform
- UPDATE: FortiSandbox — three critical flaws now exploited simultaneously, including the previously disclosure-only CVE-2026-25089
- UPDATE: PAN-OS GlobalProtect CVE-2026-0257 — exploitation wave with Impacket post-compromise, NCSC-CH refreshes advisory
- UPDATE: Check Point IKEv1 CVE-2026-50751 — public PoC raises exploitation risk
- CVE-2026-48611 / CVE-2026-48612 — phpBB: unauthenticated authentication bypass to admin, one HTTP request
- CVE-2026-50751 — Check Point Security Gateway: IKEv1 VPN authentication bypass exploited by a Qilin affiliate `[SINGLE-SOURCE]`
- CVE-2026-44748 — SAP NetWeaver AS ABAP: SAML XML Signature Wrapping (CVSS 9.9) `[SINGLE-SOURCE]`
- CVE-2026-10795 — UpdraftPlus WordPress backup plugin: unauthenticated authentication bypass to RCE
- CVE-2026-48558 — SimpleHelp RMM: unauthenticated OIDC authentication bypass yields a full technician session
- "GreatXML": unpatched BitLocker bypass via crafted XML on the recovery partition — PoC public, practical severity contested
- ServiceNow unauthenticated REST endpoint queried customer instance tables before a silent 5 June patch
- CVE-2026-10520 / CVE-2026-10523 — Ivanti Sentry: pre-auth OS command injection to root (CVSS 10.0), public PoC published today
- CVE-2026-44748 — SAP June Patch Day: SAML XML Signature Wrapping in NetWeaver AS ABAP (CVSS 9.9) plus an unauth RFC kernel memory-corruption (CVSS 9.8)
- CVE-2026-7473 — Arista EOS tunnel-decapsulation logic flaw bypasses segmentation, added to CISA KEV
- UPDATE: PAN-OS GlobalProtect auth-bypass (CVE-2026-0257) — Unit 42 confirms attackers established working gateway sessions
- CVE-2026-50751 — Check Point Security Gateway: IKEv1 VPN authentication bypass, actively exploited by a Qilin affiliate
- CVE-2026-49200 / CVE-2026-49201 — Acer Wave-7 mesh routers: cleartext-credential log + hardcoded backup key, CVSS 10.0, no patch
- Keycloak 26.6.3 — 16 CVEs in the EU public sector's reference IAM, led by token-exchange privilege escalation and SSRF [SINGLE-SOURCE vendor advisory]
- CVE-2026-10868 — MISP: mass-assignment account-takeover (CVSS 9.0) in the EU threat-sharing platform
- CVE-2026-10868 — MISP: critical mass-assignment account-takeover in the EU threat-sharing platform
- GMO Flatt Security: one GitHub issue could hijack any public repo running Anthropic's claude-code-action — and could have poisoned the action itself
- CVE-2026-8206 + CVE-2026-8181 — Kirki and Burst Statistics WordPress plugins: unauthenticated account takeover under active mass-exploitation
- CVE-2026-10611 — MISP: OTP bypass when LDAP mixed-auth and OTP enforcement are both enabled
- CVE-2026-8732 — WP Maps Pro WordPress plugin: unauthenticated admin-account creation, actively exploited
- CVE-2026-44825 — Apache Solr: unauthenticated admin via hardcoded template credentials, no patch yet
- Mautic 7.1.2 / 6.0.9 — seven authenticated flaws, including two post-auth RCE paths (SSTI and path-traversal-to-PHP-RCE), an SSRF and an API authorization bypass
- CVE-2026-0257 — Palo Alto PAN-OS GlobalProtect: Pre-Auth Authentication Bypass via Certificate Reuse
- CVE-2026-48710 "BadHost" — Starlette (FastAPI / vLLM / LiteLLM / MCP SDK): Pre-Auth Auth Bypass via Malformed Host Header
- FortiClient EMS CVE-2026-35616 actively exploited to push EKZ Infostealer through trusted endpoint-management channel
- CVE-2026-44848 & CVE-2026-44849 — Portainer CE: Docker plugin endpoints unguarded; Swarm-service security checks bypassed (CVSS 9.4)
- ILIAS LMS — nine fixes shipped 2026-05-27, two critical access-control gaps (CVSS 9.8 + 9.3), NCSC.ch flags SOAP interface as primary unauthenticated attack surface
- CVE-2026-35087 / CVE-2026-35089 / CVE-2026-35090 — Slican PBX telephony exchanges, triple pre-authentication admin bypass (CERT Polska)
- CVE-2026-9058 — Szafir SDK (KIR): signature-verification routine reports success on an untrusted certificate chain, enabling auth bypass in Polish e-government
- CVE-2026-0257 — Palo Alto PAN-OS GlobalProtect pre-auth authentication bypass, exploited in two waves by the same actor
- CVE-2026-35616 — Fortinet FortiClient EMS pre-auth bypass, exploited to push EKZ Infostealer down the management channel
- CVE-2026-48710 "BadHost" — Starlette pre-auth host-header auth bypass across the Python AI/ASGI stack
- Public administration & identity (CH / DACH lead) — the LMS, SSO and e-government estate under multi-product pressure
- SonicWall Gen6 SSL-VPN incomplete-patching (CVE-2024-12802) — Akira-linked actors brute-force MFA via UPN/SAM account-name split, February–March 2026 intrusions
- CVE-2026-42822 — Microsoft Azure Local Disconnected Operations (ALDO): CVSS 10.0 unauthenticated network elevation-of-privilege, "Exploitation More Likely"
- Keycloak 26.6.2 — 16 CVEs including OIDC session fixation (CVE-2026-7507), WebAuthn execute-actions token replay (CVE-2026-37982), introspection audience bypass (CVE-2026-37979) and cross-realm IDOR in Authorization Services (CVE-2026-4630)
- Sparx Enterprise Architect / Pro Cloud Server — five-CVE chain (pre-auth SQL injection + WebEA race-condition RCE), public PoC, no vendor patch
- BigBlueButton bbb-web < 3.0.21 / < 3.0.23 — three flaws in EU education and government virtual-classroom platform: weak session-token randomness, API checksum bypass, SSRF
- SonicWall Gen6 SSL-VPN CVE-2024-12802 — Akira-linked actors bypassing MFA on *officially-patched* firmware
- CVE-2026-42822 — Azure Local Disconnected Operations: CVSS 10.0 unauthenticated network elevation-of-privilege
- CVE-2026-42096 … -42100 — Sparx Enterprise Architect / Pro Cloud Server: five-CVE pre-auth chain, public PoC, no patch
- CVE-2026-7507 (+15) — Keycloak 26.6.2: identity-provider cluster including OIDC session fixation and cross-realm IDOR
- Education — virtual-classroom platforms and EdTech SaaS exposure
- Cisco Catalyst SD-WAN CVE-2026-20182 — UAT-8616 active, CISA Emergency Directive ED-26-03, 10+ companion-CVE clusters
- CVE-2026-45691 — Nextcloud Server / Enterprise Server: 2FA bypass on WebDAV via pre-authenticated session token reuse
- CVE-2026-6973 + CVE-2026-5787 — Ivanti EPMM on-prem pre-auth chain to admin RCE; 508 EU instances internet-exposed; named EU victims include the European Commission
- CVE-2026-42208 LiteLLM Proxy — pre-auth SQL injection exposing upstream LLM-provider API keys at the multi-tenant SaaS layer
- CVE-2026-44128 et al. — SEPPmail Secure Email Gateway: six-CVE cluster on the Swiss public sector's dominant email-encryption appliance
- cPanel / WHM — two emergency TSRs inside ten days: post-CVE-2026-41940 fleet now facing CVE-2026-29201/29202/29203
- CVE-2026-42208 — LiteLLM Proxy pre-authentication SQL injection: CISA KEV deadline 2026-05-11; all upstream LLM API keys at risk
- CVE-2026-44128 et al. — SEPPmail Secure Email Gateway: CVSS 9.3 unauthenticated RCE and five additional CVEs [SINGLE-SOURCE-NATIONAL-CERT carve-out + vendor]
- Swiss and DACH Deployment Context
- CVE-2026-5787 / CVE-2026-6973 — Ivanti EPMM pre-auth certificate impersonation → admin RCE (CISA KEV deadline **2026-05-10**)
- CVE-2026-5787 — Ivanti EPMM improper certificate validation (pre-auth Sentry impersonation, CVSS 9.1)