CWE-305
Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
CVE-2025-68609 (GCVE-0-2025-68609)
Vulnerability from cvelistv5 – Published: 2026-01-22 19:06 – Updated: 2026-01-22 19:33
VLAI
Title
Authentication bypass in Aries due to misconfiguration
Summary
A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible client to view system logs and perform operations without valid credentials. No evidence of exploitation was identified during the vulnerability window.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.aries:aries |
Unaffected:
1.554.0 , < *
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68609",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T19:29:47.910483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T19:33:36.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.aries:aries",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.554.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Palantir\u0027s Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible client to view system logs and perform operations without valid credentials. No evidence of exploitation was identified during the vulnerability window."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme\u0027s implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker."
}
]
},
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T19:06:05.914Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=955a313a-1735-48a6-9fb4-e10404f14eb5"
}
],
"source": {
"defect": [
"PLTRSEC-2025-53"
],
"discovery": "INTERNAL"
},
"title": "Authentication bypass in Aries due to misconfiguration"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2025-68609",
"datePublished": "2026-01-22T19:06:05.914Z",
"dateReserved": "2025-12-19T12:56:08.266Z",
"dateUpdated": "2026-01-22T19:33:36.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7064 (GCVE-0-2025-7064)
Vulnerability from cvelistv5 – Published: 2026-06-11 09:07 – Updated: 2026-06-11 12:43
VLAI
Title
Freelance Security Lock – Access to Windows OS
Summary
Authentication bypass by primary weakness vulnerability in ABB Freelance.
This issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication bypass by primary weakness
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T12:43:43.075897Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T12:43:52.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Freelance",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "2013",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "affected",
"version": "2013 SP1",
"versionType": "custom"
},
{
"status": "affected",
"version": "2016",
"versionType": "custom"
},
{
"status": "affected",
"version": "2016 SP1",
"versionType": "custom"
},
{
"status": "affected",
"version": "2019",
"versionType": "custom"
},
{
"status": "affected",
"version": "2019 SP1",
"versionType": "custom"
},
{
"status": "affected",
"version": "2019 SP1 FP1",
"versionType": "custom"
},
{
"status": "affected",
"version": "2024",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication bypass by primary weakness vulnerability in ABB Freelance.\u003cp\u003eThis issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024.\u003c/p\u003e"
}
],
"value": "Authentication bypass by primary weakness vulnerability in ABB Freelance.\n\nThis issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:P/AU:N/R:U/V:D/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication bypass by primary weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T09:07:30.912Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA020361\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Freelance Security Lock \u2013 Access to Windows OS",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2025-7064",
"datePublished": "2026-06-11T09:07:30.912Z",
"dateReserved": "2025-07-04T09:09:57.969Z",
"dateUpdated": "2026-06-11T12:43:52.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0869 (GCVE-0-2026-0869)
Vulnerability from cvelistv5 – Published: 2026-03-03 19:59 – Updated: 2026-03-04 21:19
VLAI
Title
Application User custom defined accounts are not properly password protected in Brocade ASCG 3.4.0
Summary
Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Brocade Support Link(BSL) and streaming configuration. and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0869",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T21:19:47.100257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T21:19:58.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ASCG",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "3.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Brocade Support Link(BSL) and streaming configuration. and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric."
}
],
"value": "Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Brocade Support Link(BSL) and streaming configuration. and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114: Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T19:59:53.312Z",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/37121"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Application User custom defined accounts are not properly password protected in Brocade ASCG 3.4.0",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2026-0869",
"datePublished": "2026-03-03T19:59:53.312Z",
"dateReserved": "2026-01-12T23:18:49.312Z",
"dateUpdated": "2026-03-04T21:19:58.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1290 (GCVE-0-2026-1290)
Vulnerability from cvelistv5 – Published: 2026-01-21 15:25 – Updated: 2026-01-21 15:49
VLAI
Title
[PI141230] Fixed A broken access control issue.
Summary
Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf Pro allows unspecified impact.This issue affects Jamf Pro: from 11.20 through 11.24.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
Date Public
2026-01-20 15:10
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T15:48:43.243242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T15:49:21.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jamf Pro",
"vendor": "Jamf",
"versions": [
{
"lessThanOrEqual": "11.24",
"status": "affected",
"version": "11.20",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-01-20T15:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf Pro allows unspecified impact.\u003cp\u003eThis issue affects Jamf Pro: from 11.20 through 11.24.\u003c/p\u003e"
}
],
"value": "Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf Pro allows unspecified impact.This issue affects Jamf Pro: from 11.20 through 11.24."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "unspecified impact"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T15:25:19.543Z",
"orgId": "67325c3f-c596-46c5-a235-e1a1e73abe4e",
"shortName": "JAMF"
},
"references": [
{
"url": "https://learn.jamf.com/en-US/bundle/jamf-pro-release-notes-11.24.0/page/Resolved_Issues.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "[PI141230] Fixed A broken access control issue.",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "67325c3f-c596-46c5-a235-e1a1e73abe4e",
"assignerShortName": "JAMF",
"cveId": "CVE-2026-1290",
"datePublished": "2026-01-21T15:25:19.543Z",
"dateReserved": "2026-01-21T15:24:32.098Z",
"dateUpdated": "2026-01-21T15:49:21.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1713 (GCVE-0-2026-1713)
Vulnerability from cvelistv5 – Published: 2026-03-03 20:28 – Updated: 2026-03-03 20:49
VLAI
Title
IBM MQ is affected by an authority vulnerablility
Summary
IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.0 through 9.4.0.17 LTS, and 9.4.0.0 through 9.4.4.1 CD
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7261944 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | MQ |
Affected:
9.1.0.0 , ≤ 9.1.0.33 LTS
(semver)
Affected: 9.2.0.0 , ≤ 9.2.0.40 LTS (semver) Affected: 9.3.0.0 , ≤ 9.3.0.36 LTS (semver) Affected: 9.30.0 , ≤ 9.3.5.1 CD (semver) Affected: 9.4.0.0 , ≤ 9.4.0.17 LTS (semver) Affected: 9.4.0.0 , ≤ 9.4.4.1 CD (semver) cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq:9.1.0.33:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq:9.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq:9.2.0.40:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq:9.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq:9.3.0.36:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq:9.30.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq:9.3.5.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq:9.4.0.17:*:*:*:*:*:*:* cpe:2.3:a:ibm:mq:9.4.4.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-1713",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-03T20:49:06.741799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T20:49:10.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:mq:9.1.0.33:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:mq:9.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:mq:9.2.0.40:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:mq:9.3.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:mq:9.3.0.36:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:mq:9.30.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:mq:9.3.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:mq:9.4.0.17:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:mq:9.4.4.1:*:*:*:*:*:*:*"
],
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "9.1.0.33 LTS",
"status": "affected",
"version": "9.1.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.0.40 LTS",
"status": "affected",
"version": "9.2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.3.0.36 LTS",
"status": "affected",
"version": "9.3.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.3.5.1 CD",
"status": "affected",
"version": "9.30.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.4.0.17 LTS",
"status": "affected",
"version": "9.4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.4.4.1 CD",
"status": "affected",
"version": "9.4.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.0 through 9.4.0.17 LTS, and 9.4.0.0 through 9.4.4.1 CD\u003c/p\u003e"
}
],
"value": "IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.0 through 9.4.0.17 LTS, and 9.4.0.0 through 9.4.4.1 CD"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T20:33:23.734Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7261944"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eThis issue was addressed under Known Issue DT433340\u003c/p\u003e\u003cp\u003eIBM MQ version 9.1 LTS\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/downloading-ibm-mq-91-lts\"\u003eApply cumulative security update 9.1.0.34\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIBM MQ version 9.2 LTS\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/downloading-ibm-mq-92-lts\"\u003eApply cumulative security update 9.2.0.41\u003c/a\u003e\u0026nbsp; \u003c/p\u003e\u003cp\u003eIBM MQ version 9.3 LTS\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/downloading-ibm-mq-93-lts\"\u003eApply cumulative security update 9.3.0.37\u003c/a\u003e\u0026nbsp; \u003c/p\u003e\u003cp\u003eIBM MQ version 9.4 LTS\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/downloading-ibm-mq-94-lts\"\u003eApply fixpack 9.4.0.20\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eIBM MQ version 9.3 CD and 9.4 CD\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/downloading-ibm-mq-94-cd\"\u003eUpgrade to IBM MQ version 9.4.5.0\u003c/a\u003e\u0026nbsp;or later continuous delivery release\u003c/p\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "This issue was addressed under Known Issue DT433340\n\nIBM MQ version 9.1 LTS\n\n Apply cumulative security update 9.1.0.34 https://www.ibm.com/support/pages/downloading-ibm-mq-91-lts \n\nIBM MQ version 9.2 LTS\n\n Apply cumulative security update 9.2.0.41 https://www.ibm.com/support/pages/downloading-ibm-mq-92-lts \u00a0 \n\nIBM MQ version 9.3 LTS\n\n Apply cumulative security update 9.3.0.37 https://www.ibm.com/support/pages/downloading-ibm-mq-93-lts \u00a0 \n\nIBM MQ version 9.4 LTS\n\n Apply fixpack 9.4.0.20 https://www.ibm.com/support/pages/downloading-ibm-mq-94-lts \u00a0\n\nIBM MQ version 9.3 CD and 9.4 CD\n\n Upgrade to IBM MQ version 9.4.5.0 https://www.ibm.com/support/pages/downloading-ibm-mq-94-cd \u00a0or later continuous delivery release"
}
],
"title": "IBM MQ is affected by an authority vulnerablility",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-1713",
"datePublished": "2026-03-03T20:28:42.869Z",
"dateReserved": "2026-01-30T18:45:45.742Z",
"dateUpdated": "2026-03-03T20:49:10.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20152 (GCVE-0-2026-20152)
Vulnerability from cvelistv5 – Published: 2026-04-15 16:03 – Updated: 2026-04-16 19:05
VLAI
Title
Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability
Summary
A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements.
This vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact to the Cisco Secure Web Appliance. However, as a result of exploiting this vulnerability, an attacker could send HTTP requests that should be restricted through the device.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Secure Web Appliance |
Affected:
11.8.0-453
Affected: 12.5.3-002 Affected: 12.0.3-007 Affected: 12.0.3-005 Affected: 14.1.0-032 Affected: 14.1.0-047 Affected: 14.1.0-041 Affected: 12.0.4-002 Affected: 14.0.2-012 Affected: 11.8.0-414 Affected: 12.0.1-268 Affected: 11.8.1-023 Affected: 11.8.3-021 Affected: 11.8.3-018 Affected: 12.5.1-011 Affected: 11.8.4-004 Affected: 12.5.2-007 Affected: 12.5.2-011 Affected: 14.5.0-498 Affected: 12.5.4-005 Affected: 12.5.4-011 Affected: 12.0.5-011 Affected: 14.0.3-014 Affected: 12.5.5-004 Affected: 12.5.5-005 Affected: 12.5.5-008 Affected: 14.0.4-005 Affected: 14.5.1-008 Affected: 14.5.1-016 Affected: 15.0.0-355 Affected: 15.0.0-322 Affected: 12.5.6-008 Affected: 15.1.0-287 Affected: 14.5.2-011 Affected: 15.2.0-116 Affected: 14.0.5-007 Affected: 15.2.0-164 Affected: 14.5.1-510 Affected: 12.0.2-012 Affected: 12.0.2-004 Affected: 14.5.1-607 Affected: 14.5.3-033 Affected: 15.0.1-004 Affected: 15.2.1-011 Affected: 14.5.0-673 Affected: 14.5.0-537 Affected: 12.0.1-334 Affected: 14.0.1-503 Affected: 14.0.1-053 Affected: 11.8.0-429 Affected: 14.0.1-040 Affected: 14.0.1-014 Affected: 12.5.1-043 Affected: 15.2.2-009 Affected: 15.2.3-007 Affected: 15.2.4-022 Affected: 15.2.5-011 Affected: 15.2.5-013 Affected: 14.6.0-108 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20152",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T16:47:46.764093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:56:35.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Web Appliance",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.8.0-453"
},
{
"status": "affected",
"version": "12.5.3-002"
},
{
"status": "affected",
"version": "12.0.3-007"
},
{
"status": "affected",
"version": "12.0.3-005"
},
{
"status": "affected",
"version": "14.1.0-032"
},
{
"status": "affected",
"version": "14.1.0-047"
},
{
"status": "affected",
"version": "14.1.0-041"
},
{
"status": "affected",
"version": "12.0.4-002"
},
{
"status": "affected",
"version": "14.0.2-012"
},
{
"status": "affected",
"version": "11.8.0-414"
},
{
"status": "affected",
"version": "12.0.1-268"
},
{
"status": "affected",
"version": "11.8.1-023"
},
{
"status": "affected",
"version": "11.8.3-021"
},
{
"status": "affected",
"version": "11.8.3-018"
},
{
"status": "affected",
"version": "12.5.1-011"
},
{
"status": "affected",
"version": "11.8.4-004"
},
{
"status": "affected",
"version": "12.5.2-007"
},
{
"status": "affected",
"version": "12.5.2-011"
},
{
"status": "affected",
"version": "14.5.0-498"
},
{
"status": "affected",
"version": "12.5.4-005"
},
{
"status": "affected",
"version": "12.5.4-011"
},
{
"status": "affected",
"version": "12.0.5-011"
},
{
"status": "affected",
"version": "14.0.3-014"
},
{
"status": "affected",
"version": "12.5.5-004"
},
{
"status": "affected",
"version": "12.5.5-005"
},
{
"status": "affected",
"version": "12.5.5-008"
},
{
"status": "affected",
"version": "14.0.4-005"
},
{
"status": "affected",
"version": "14.5.1-008"
},
{
"status": "affected",
"version": "14.5.1-016"
},
{
"status": "affected",
"version": "15.0.0-355"
},
{
"status": "affected",
"version": "15.0.0-322"
},
{
"status": "affected",
"version": "12.5.6-008"
},
{
"status": "affected",
"version": "15.1.0-287"
},
{
"status": "affected",
"version": "14.5.2-011"
},
{
"status": "affected",
"version": "15.2.0-116"
},
{
"status": "affected",
"version": "14.0.5-007"
},
{
"status": "affected",
"version": "15.2.0-164"
},
{
"status": "affected",
"version": "14.5.1-510"
},
{
"status": "affected",
"version": "12.0.2-012"
},
{
"status": "affected",
"version": "12.0.2-004"
},
{
"status": "affected",
"version": "14.5.1-607"
},
{
"status": "affected",
"version": "14.5.3-033"
},
{
"status": "affected",
"version": "15.0.1-004"
},
{
"status": "affected",
"version": "15.2.1-011"
},
{
"status": "affected",
"version": "14.5.0-673"
},
{
"status": "affected",
"version": "14.5.0-537"
},
{
"status": "affected",
"version": "12.0.1-334"
},
{
"status": "affected",
"version": "14.0.1-503"
},
{
"status": "affected",
"version": "14.0.1-053"
},
{
"status": "affected",
"version": "11.8.0-429"
},
{
"status": "affected",
"version": "14.0.1-040"
},
{
"status": "affected",
"version": "14.0.1-014"
},
{
"status": "affected",
"version": "12.5.1-043"
},
{
"status": "affected",
"version": "15.2.2-009"
},
{
"status": "affected",
"version": "15.2.3-007"
},
{
"status": "affected",
"version": "15.2.4-022"
},
{
"status": "affected",
"version": "15.2.5-011"
},
{
"status": "affected",
"version": "15.2.5-013"
},
{
"status": "affected",
"version": "14.6.0-108"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements.\r\n\r\nThis vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact to the Cisco Secure Web Appliance. However, as a result of exploiting this vulnerability, an attacker could send HTTP requests that should be restricted through the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T19:05:18.524Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-wsa-auth-bypass-6YZkTQhd",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-auth-bypass-6YZkTQhd"
}
],
"source": {
"advisory": "cisco-sa-wsa-auth-bypass-6YZkTQhd",
"defects": [
"CSCwr20696"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20152",
"datePublished": "2026-04-15T16:03:43.828Z",
"dateReserved": "2025-10-08T11:59:15.386Z",
"dateUpdated": "2026-04-16T19:05:18.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22153 (GCVE-0-2026-22153)
Vulnerability from cvelistv5 – Published: 2026-02-10 15:39 – Updated: 2026-02-26 15:04
VLAI
Summary
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Improper access control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiOS |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T04:56:21.036753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:11.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T15:39:12.214Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-1052",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-1052"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to upcoming FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22153",
"datePublished": "2026-02-10T15:39:12.214Z",
"dateReserved": "2026-01-06T15:01:17.446Z",
"dateUpdated": "2026-02-26T15:04:11.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25555 (GCVE-0-2026-25555)
Vulnerability from cvelistv5 – Published: 2026-06-08 16:53 – Updated: 2026-06-08 17:50 X_Open Source
VLAI
Title
OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header
Summary
OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied header against an empty AdminApiKey default string to access the admin console and all API endpoints without valid credentials.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://hackernoon.com/one-empty-header-to-admin-… | technical-descriptionexploit |
| https://www.vulncheck.com/advisories/openbullet2-… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openbullet | openbullet2 |
Affected:
0 , ≤ 0.3.2
(semver)
|
Date Public
2026-06-04 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25555",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T17:48:55.557211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T17:50:15.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "openbullet2",
"repo": "https://github.com/openbullet/openbullet2",
"vendor": "openbullet",
"versions": [
{
"lessThanOrEqual": "0.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Maksim Rogov"
},
{
"lang": "en",
"type": "finder",
"value": "VulnCheck"
}
],
"datePublic": "2026-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware\u0027s comparison of the supplied header against an empty AdminApiKey default string to access the admin console and all API endpoints without valid credentials."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T16:53:37.270Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://hackernoon.com/one-empty-header-to-admin-how-an-auth-bypass-breaks-openbullet2"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openbullet2-authentication-bypass-via-x-api-key-header"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_open-source"
],
"title": "OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-25555",
"datePublished": "2026-06-08T16:53:37.270Z",
"dateReserved": "2026-02-02T20:12:33.395Z",
"dateUpdated": "2026-06-08T17:50:15.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2652 (GCVE-0-2026-2652)
Vulnerability from cvelistv5 – Published: 2026-05-15 02:13 – Updated: 2026-05-15 13:22
VLAI
Title
Authentication Bypass in mlflow/mlflow
Summary
A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) and served via uvicorn (ASGI). The FastAPI permission middleware only enforces authentication on `/gateway/` routes, leaving other routes such as the Job API (`/ajax-api/3.0/jobs/*`) and the OpenTelemetry trace ingestion API (`/v1/traces`) unprotected. This allows unauthenticated remote attackers to submit jobs, read job results, cancel running jobs, and inject arbitrary trace data into experiments. The issue arises from an architectural mismatch between Flask and FastAPI authentication mechanisms, where the `_find_fastapi_validator()` function fails to handle non-`/gateway/` paths, resulting in a complete authentication bypass. This vulnerability is fixed in version 3.10.0.
Severity
8.6 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mlflow | mlflow/mlflow |
Affected:
unspecified , < 3.10.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2652",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T13:22:14.645523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:22:21.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://huntr.com/bounties/5aeff5f0-49c7-4180-b5cb-c9a046f16756"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mlflow/mlflow",
"vendor": "mlflow",
"versions": [
{
"lessThan": "3.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) and served via uvicorn (ASGI). The FastAPI permission middleware only enforces authentication on `/gateway/` routes, leaving other routes such as the Job API (`/ajax-api/3.0/jobs/*`) and the OpenTelemetry trace ingestion API (`/v1/traces`) unprotected. This allows unauthenticated remote attackers to submit jobs, read job results, cancel running jobs, and inject arbitrary trace data into experiments. The issue arises from an architectural mismatch between Flask and FastAPI authentication mechanisms, where the `_find_fastapi_validator()` function fails to handle non-`/gateway/` paths, resulting in a complete authentication bypass. This vulnerability is fixed in version 3.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:13:19.541Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/5aeff5f0-49c7-4180-b5cb-c9a046f16756"
},
{
"url": "https://github.com/mlflow/mlflow/commit/bb62e773263c14e9ba4d1a82fe72d0de2442c6aa"
}
],
"source": {
"advisory": "5aeff5f0-49c7-4180-b5cb-c9a046f16756",
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass in mlflow/mlflow"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2026-2652",
"datePublished": "2026-05-15T02:13:19.541Z",
"dateReserved": "2026-02-18T02:53:33.607Z",
"dateUpdated": "2026-05-15T13:22:21.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28536 (GCVE-0-2026-28536)
Vulnerability from cvelistv5 – Published: 2026-03-05 07:10 – Updated: 2026-03-05 15:17
VLAI
Summary
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
Severity
9.6 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:16:54.435170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:17:03.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality."
}
],
"value": "Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T07:10:39.237Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28536",
"datePublished": "2026-03-05T07:10:39.237Z",
"dateReserved": "2026-02-28T03:58:12.087Z",
"dateUpdated": "2026-03-05T15:17:03.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.