Home/Tag/Authentication Bypass

Authentication Bypass

17 articles tagged with "Authentication Bypass"

Vulnerabilities4 min read

Cisco Patches Dual 9.8 CVSS Flaws in IMC and SSM On-Prem

CVE-2026-20093 and CVE-2026-20160 let unauthenticated attackers take full control of Cisco UCS servers and licensing infrastructure. No workarounds exist.

Marcus ChenApr 6, 2026

Vulnerabilities3 min read

OpenClaw Bootstrap Replay Bug Enables Admin Takeover (CVE-2026-32987)

Critical CVSS 9.8 flaw in OpenClaw AI agent platform lets attackers replay setup codes for privilege escalation. Patch to version 2026.3.13 immediately.

Marcus ChenMar 30, 2026

Vulnerabilities4 min read

TP-Link Archer Routers Vulnerable to Unauthenticated Takeover

Critical CVE-2025-15517 allows attackers to bypass authentication on TP-Link Archer NX routers, upload malicious firmware, and modify configurations without credentials.

Marcus ChenMar 26, 2026

Vulnerabilities3 min read

Quest KACE SMA CVSS 10.0 Flaw Exploited in the Wild

Attackers exploiting CVE-2025-32975 authentication bypass in Quest KACE to hijack admin accounts and deploy credential harvesters. Patched in May 2025—many remain exposed.

Marcus ChenMar 24, 2026

Vulnerabilities3 min read

HPE AOS-CX Switches Vulnerable to Admin Password Reset (CVSS 9.8)

CVE-2026-23813 allows unauthenticated attackers to reset admin passwords on HPE Aruba AOS-CX switches. No exploitation seen yet, but patch immediately.

Marcus ChenMar 16, 2026

Vulnerabilities4 min read

Ivanti EPM Auth Bypass Now Under Active Exploitation, CISA Warns

CVE-2026-1603 allows unauthenticated attackers to steal credential vaults from Ivanti Endpoint Manager. CISA added it to KEV catalog after exploitation detected.

Marcus ChenMar 11, 2026

Vulnerabilities4 min read

Caddy Server Flaw Lets Users Impersonate Admins

CVE-2026-30851 in Caddy's forward_auth module enables identity injection and privilege escalation. Any valid user can impersonate administrators. Update to 2.11.2.

Marcus ChenMar 8, 2026

Vulnerabilities4 min read

WeGIA Charity Management Platform Exposes Three Critical Flaws

CVE-2026-28408 and related vulnerabilities allow unauthenticated attackers to bypass security, inject data, and execute code on WeGIA servers. Patch to version 3.6.5 immediately.

Marcus ChenFeb 28, 2026

Vulnerabilities3 min read

Vikunja Auth Flaw Lets Attackers Maintain Access After Password Reset

CVE-2026-27575 combines weak password enforcement with persistent sessions in Vikunja, enabling attackers to retain access even after victims change credentials.

Marcus ChenFeb 27, 2026

Vulnerabilities3 min read

SmarterMail Flaw Exploited in Ransomware Attacks

CVE-2026-24423 lets unauthenticated attackers execute OS commands on SmarterMail servers. CISA confirms active ransomware exploitation and sets a February 26 patch deadline.

Marcus ChenFeb 6, 2026

Vulnerabilities3 min read

SolarWinds Web Help Desk Gets Emergency Patches for Four Critical Flaws

Deserialization bugs and authentication bypasses enable unauthenticated RCE. Attackers have targeted WHD vulnerabilities before.

Marcus ChenJan 30, 2026

Vulnerabilities4 min read

Fortinet FortiCloud SSO Zero-Day Exploited to Hijack Firewalls

CVE-2026-24858 allows attackers with FortiCloud accounts to log into other organizations' FortiGate devices. Patches rolling out now.

Marcus ChenJan 28, 2026

Vulnerabilities4 min read

SmarterMail Auth Bypass Lets Attackers Reset Admin Passwords

CVE-2026-23760 enables unauthenticated admin takeover in SmarterMail. Exploitation began two days after patch release.

Marcus ChenJan 27, 2026

Vulnerabilities3 min read

11-Year-Old Telnet Bug Hands Attackers Root Access

CVE-2026-24061 allows remote authentication bypass in GNU InetUtils telnetd. Exploitation activity detected within hours of disclosure.

Marcus ChenJan 24, 2026

Security Guides6 min read

Auth Bypass in Network Appliances: A Pattern Emerges

From Fortinet to SonicWall, authentication bypass vulnerabilities share common traits. Understanding these patterns helps security teams prioritize patching.

Emily ParkJan 10, 2026

Vulnerabilities4 min read

IBM API Connect Auth Bypass Rated CVSS 9.8

CVE-2025-13915 allows remote attackers to bypass authentication without credentials. Affects versions 10.0.8.0 through 10.0.8.5 and 10.0.11.0 used by major banks and airlines.

Marcus ChenJan 1, 2026

Vulnerabilities3 min read

Critical Fortinet FortiGate Auth Bypass Under Active Exploitation

Two critical CVSS 9.8 vulnerabilities in FortiGate devices are being actively exploited just days after patch release. Attackers targeting SSO authentication.

Marcus ChenDec 16, 2025