CWE-287
DiscouragedImproper Authentication
Abstraction: Class · Status: Draft
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
5947 vulnerabilities reference this CWE, most recent first.
CVE-2026-61436 (GCVE-0-2026-61436)
Vulnerability from cvelistv5 – Published: 2026-07-15 11:25 – Updated: 2026-07-15 11:25- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://github.com/MervinPraison/PraisonAI/securi… | vendor-advisory |
| https://github.com/MervinPraison/PraisonAI/commit… | patch |
| https://github.com/MervinPraison/PraisonAI/commit… | patch |
| https://www.vulncheck.com/advisories/praisonai-be… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| MervinPraison | PraisonAI |
Affected:
0 , < 4.6.78
(semver)
Unaffected: 4.6.78 (semver) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:pypi/praisonai",
"product": "PraisonAI",
"vendor": "MervinPraison",
"versions": [
{
"lessThan": "4.6.78",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "4.6.78",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.6.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "rexpository"
}
],
"datePublic": "2026-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PraisonAI before 4.6.78 fails to verify Svix webhook signatures in AgentMail webhook mode, allowing unauthenticated attackers to forge message.received events. Attackers can send crafted JSON payloads to the webhook endpoint to invoke configured agents with arbitrary sender addresses and message content."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T11:25:40.377Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-7c92-x8vg-4258)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-7c92-x8vg-4258"
},
{
"name": "https://github.com/MervinPraison/PraisonAI/commit/846568c7a5d8ce9e71e56e4c213f027c04909753",
"tags": [
"patch"
],
"url": "https://github.com/MervinPraison/PraisonAI/commit/846568c7a5d8ce9e71e56e4c213f027c04909753"
},
{
"name": "https://github.com/MervinPraison/PraisonAI/commit/2a855c470077c7d2e2479a575f7ef7f548d51c33",
"tags": [
"patch"
],
"url": "https://github.com/MervinPraison/PraisonAI/commit/2a855c470077c7d2e2479a575f7ef7f548d51c33"
},
{
"name": "VulnCheck Advisory: PraisonAI before 4.6.78 Missing Webhook Signature Verification",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/praisonai-before-missing-webhook-signature-verification"
}
],
"title": "PraisonAI before 4.6.78 Missing Webhook Signature Verification",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-61436",
"datePublished": "2026-07-15T11:25:40.377Z",
"dateReserved": "2026-07-09T14:05:47.928Z",
"dateUpdated": "2026-07-15T11:25:40.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-61435 (GCVE-0-2026-61435)
Vulnerability from cvelistv5 – Published: 2026-07-15 11:25 – Updated: 2026-07-15 11:25- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://github.com/MervinPraison/PraisonAI/securi… | vendor-advisory |
| https://github.com/MervinPraison/PraisonAI/commit… | patch |
| https://github.com/MervinPraison/PraisonAI/commit… | patch |
| https://www.vulncheck.com/advisories/praisonai-be… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| MervinPraison | PraisonAI |
Affected:
0 , < 4.6.78
(semver)
Unaffected: 4.6.78 (semver) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:pypi/praisonai",
"product": "PraisonAI",
"vendor": "MervinPraison",
"versions": [
{
"lessThan": "4.6.78",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "4.6.78",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.6.78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "rexpository"
}
],
"datePublic": "2026-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints (src/praisonai/praisonai/api/agent_invoke.py) when PRAISONAI_CALL_AUTH=disabled is configured. The safeguard intended to restrict the disabled-auth opt-out to localhost binding derives the bind host from request.url.hostname, which is taken from the client-controlled HTTP Host header. A remote, unauthenticated attacker who can reach the service over the network can send a spoofed \u0027Host: 127.0.0.1\u0027 header to bypass the localhost-only restriction and list (GET /api/v1/agents) and invoke (POST /api/v1/agents/{agent_id}/invoke) registered agents without authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T11:25:39.670Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-2gpf-2492-q9jh)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-2gpf-2492-q9jh"
},
{
"name": "https://github.com/MervinPraison/PraisonAI/commit/2a855c470077c7d2e2479a575f7ef7f548d51c33",
"tags": [
"patch"
],
"url": "https://github.com/MervinPraison/PraisonAI/commit/2a855c470077c7d2e2479a575f7ef7f548d51c33"
},
{
"name": "https://github.com/MervinPraison/PraisonAI/commit/846568c7a5d8ce9e71e56e4c213f027c04909753",
"tags": [
"patch"
],
"url": "https://github.com/MervinPraison/PraisonAI/commit/846568c7a5d8ce9e71e56e4c213f027c04909753"
},
{
"name": "VulnCheck Advisory: PraisonAI before 4.6.78 Authentication Bypass via Host Header Spoofing",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/praisonai-before-authentication-bypass-via-host-header-spoofing"
}
],
"title": "PraisonAI before 4.6.78 Authentication Bypass via Host Header Spoofing",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-61435",
"datePublished": "2026-07-15T11:25:39.670Z",
"dateReserved": "2026-07-09T14:05:21.471Z",
"dateUpdated": "2026-07-15T11:25:39.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-59822 (GCVE-0-2026-59822)
Vulnerability from cvelistv5 – Published: 2026-07-08 19:32 – Updated: 2026-07-09 14:31| URL | Tags |
|---|---|
| https://github.com/BerriAI/litellm/security/advis… | x_refsource_CONFIRM |
| https://github.com/BerriAI/litellm/pull/26463 | x_refsource_MISC |
| https://github.com/BerriAI/litellm/commit/73869f0… | x_refsource_MISC |
| https://github.com/BerriAI/litellm/releases/tag/v1.84.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T14:31:02.315980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:31:08.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "litellm",
"vendor": "BerriAI",
"versions": [
{
"status": "affected",
"version": "\u003c 1.84.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, LiteLLM\u0027s MCP Streamable HTTP endpoint allowed an unauthenticated attacker to use a fabricated Authorization header to trigger an OAuth2 passthrough fallback path that replaced failed LiteLLM key validation with an empty UserAPIKeyAuth() object, allowing requests to reach MCP tooling without a valid LiteLLM key. This issue is fixed in version 1.84.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T19:32:18.611Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/BerriAI/litellm/security/advisories/GHSA-7488-6r32-c95q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-7488-6r32-c95q"
},
{
"name": "https://github.com/BerriAI/litellm/pull/26463",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/BerriAI/litellm/pull/26463"
},
{
"name": "https://github.com/BerriAI/litellm/commit/73869f0faf7d11ee21adcb5f91b8c33a340b6c2c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/BerriAI/litellm/commit/73869f0faf7d11ee21adcb5f91b8c33a340b6c2c"
},
{
"name": "https://github.com/BerriAI/litellm/releases/tag/v1.84.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/BerriAI/litellm/releases/tag/v1.84.0"
}
],
"source": {
"advisory": "GHSA-7488-6r32-c95q",
"discovery": "UNKNOWN"
},
"title": "LiteLLM: MCP Authentication Bypass via OAuth2 Passthrough Fallback"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-59822",
"datePublished": "2026-07-08T19:32:18.611Z",
"dateReserved": "2026-07-07T15:00:50.978Z",
"dateUpdated": "2026-07-09T14:31:08.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-59224 (GCVE-0-2026-59224)
Vulnerability from cvelistv5 – Published: 2026-07-09 17:09 – Updated: 2026-07-10 03:55| URL | Tags |
|---|---|
| https://github.com/open-webui/open-webui/security… | x_refsource_CONFIRM |
| https://github.com/open-webui/open-webui/pull/26042 | x_refsource_MISC |
| https://github.com/open-webui/open-webui/commit/5… | x_refsource_MISC |
| https://github.com/open-webui/open-webui/releases… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| open-webui | open-webui |
Affected:
< 0.10.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59224",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T03:55:48.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "open-webui",
"vendor": "open-webui",
"versions": [
{
"status": "affected",
"version": "\u003c 0.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/open_webui/routers/terminals.py built the ws_terminal upstream URL from an unencoded session_id and appended user_id as a query parameter, allowing query injection to make the terminal backend resolve another user identity; the HTTP proxy path also forwarded X-User-Id as an integrity-unbound identity claim. This issue is fixed in version 0.10.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T17:09:31.980Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/open-webui/open-webui/security/advisories/GHSA-j657-m4c4-24jq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-j657-m4c4-24jq"
},
{
"name": "https://github.com/open-webui/open-webui/pull/26042",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-webui/open-webui/pull/26042"
},
{
"name": "https://github.com/open-webui/open-webui/commit/5f3a628a8d291bb5d33e1a0b0c89fb62a2927934",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-webui/open-webui/commit/5f3a628a8d291bb5d33e1a0b0c89fb62a2927934"
},
{
"name": "https://github.com/open-webui/open-webui/releases/tag/v0.10.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-webui/open-webui/releases/tag/v0.10.0"
}
],
"source": {
"advisory": "GHSA-j657-m4c4-24jq",
"discovery": "UNKNOWN"
},
"title": "Open WebUI: Terminal proxy forwards a spoofable, integrity-unbound user identity to the upstream (X-User-Id header and ws_terminal session_id query injection)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-59224",
"datePublished": "2026-07-09T17:09:31.980Z",
"dateReserved": "2026-07-02T21:05:02.925Z",
"dateUpdated": "2026-07-10T03:55:48.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-59208 (GCVE-0-2026-59208)
Vulnerability from cvelistv5 – Published: 2026-07-09 15:27 – Updated: 2026-07-14 00:20| URL | Tags |
|---|---|
| https://github.com/n8n-io/n8n/security/advisories… | x_refsource_CONFIRM |
| https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.4 | x_refsource_MISC |
| https://github.com/n8n-io/n8n/releases/tag/n8n%402.28.1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T00:19:54.573804Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T00:20:06.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n8n",
"vendor": "n8n-io",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.28.0, \u003c 2.28.1"
},
{
"status": "affected",
"version": "\u003c 2.27.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacker with a valid token from one trusted issuer and a sub matching a victim under another issuer to authenticate as that victim. This issue is fixed in versions 2.27.4 and 2.28.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T15:27:28.126Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/n8n-io/n8n/security/advisories/GHSA-mq3m-f8x3-579w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-mq3m-f8x3-579w"
},
{
"name": "https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.4"
},
{
"name": "https://github.com/n8n-io/n8n/releases/tag/n8n%402.28.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/n8n-io/n8n/releases/tag/n8n%402.28.1"
}
],
"source": {
"advisory": "GHSA-mq3m-f8x3-579w",
"discovery": "UNKNOWN"
},
"title": "n8n: Cross-Issuer Token Exchange Account Binding via Subject-Only Identity Resolution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-59208",
"datePublished": "2026-07-09T15:27:28.126Z",
"dateReserved": "2026-07-02T21:05:02.924Z",
"dateUpdated": "2026-07-14T00:20:06.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-59151 (GCVE-0-2026-59151)
Vulnerability from cvelistv5 – Published: 2026-07-10 17:50 – Updated: 2026-07-13 18:03- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://github.com/prowler-cloud/prowler/security… | x_refsource_CONFIRM |
| https://github.com/prowler-cloud/prowler/pull/11650 | x_refsource_MISC |
| https://github.com/prowler-cloud/prowler/commit/b… | x_refsource_MISC |
| https://github.com/prowler-cloud/prowler/commit/f… | x_refsource_MISC |
| https://github.com/prowler-cloud/prowler/releases… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| prowler-cloud | prowler |
Affected:
< 5.30.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59151",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T18:02:53.136588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T18:03:20.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/prowler-cloud/prowler/security/advisories/GHSA-h8m9-jgf8-vwvp"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "prowler",
"vendor": "prowler-cloud",
"versions": [
{
"status": "affected",
"version": "\u003c 5.30.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prowler is a cloud security platform. Prior to 5.30.3, Prowler\u0027s SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from user.email instead of binding token issuance to the validated SAML configuration. An authenticated attacker with a controlled SAML IdP could complete a valid SAML flow for an attacker-controlled domain while asserting an email address from another configured domain, causing a SAMLToken and tenant-scoped JWT to be issued for the wrong tenant and enabling cross-tenant account takeover. This issue is fixed in version 5.30.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T17:50:07.303Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/prowler-cloud/prowler/security/advisories/GHSA-h8m9-jgf8-vwvp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/prowler-cloud/prowler/security/advisories/GHSA-h8m9-jgf8-vwvp"
},
{
"name": "https://github.com/prowler-cloud/prowler/pull/11650",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/prowler-cloud/prowler/pull/11650"
},
{
"name": "https://github.com/prowler-cloud/prowler/commit/bf3b5c2ba713e533014927141b64948c82c8f32e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/prowler-cloud/prowler/commit/bf3b5c2ba713e533014927141b64948c82c8f32e"
},
{
"name": "https://github.com/prowler-cloud/prowler/commit/f5ff30ad175bd2edf02cd28872653c1cda5867b7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/prowler-cloud/prowler/commit/f5ff30ad175bd2edf02cd28872653c1cda5867b7"
},
{
"name": "https://github.com/prowler-cloud/prowler/releases/tag/5.30.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/prowler-cloud/prowler/releases/tag/5.30.3"
}
],
"source": {
"advisory": "GHSA-h8m9-jgf8-vwvp",
"discovery": "UNKNOWN"
},
"title": "Prowler: SAML Domain Claiming Enables Cross-Tenant Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-59151",
"datePublished": "2026-07-10T17:50:07.303Z",
"dateReserved": "2026-07-02T16:50:27.886Z",
"dateUpdated": "2026-07-13T18:03:20.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58423 (GCVE-0-2026-58423)
Vulnerability from cvelistv5 – Published: 2026-07-03 20:54 – Updated: 2026-07-06 15:09| URL | Tags |
|---|---|
| https://github.com/go-gitea/gitea/security/adviso… | vendor-advisory |
| https://github.com/go-gitea/gitea/pull/38008 | patch |
| https://github.com/go-gitea/gitea/releases/tag/v1.26.4 | release-notes |
| https://blog.gitea.com/release-of-1.26.3-and-1.26.4/ | release-notes |
| Vendor | Product | Version | |
|---|---|---|---|
| Gitea | Gitea Open Source Git Server |
Affected:
1.23.0 , ≤ 1.26.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-58423",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T15:09:51.573714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T15:09:55.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-7wvc-rvp7-w99x"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gitea Open Source Git Server",
"vendor": "Gitea",
"versions": [
{
"lessThanOrEqual": "1.26.2",
"status": "affected",
"version": "1.23.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Tomer-PL"
}
],
"descriptions": [
{
"lang": "en",
"value": "LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T20:54:52.580Z",
"orgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"shortName": "Gitea"
},
"references": [
{
"name": "GitHub Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-7wvc-rvp7-w99x"
},
{
"name": "GitHub Pull Request #38008",
"tags": [
"patch"
],
"url": "https://github.com/go-gitea/gitea/pull/38008"
},
{
"name": "Gitea v1.26.4 Release",
"tags": [
"release-notes"
],
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.26.4"
},
{
"name": "Gitea v1.26.4 Release Blog Post",
"tags": [
"release-notes"
],
"url": "https://blog.gitea.com/release-of-1.26.3-and-1.26.4/"
}
],
"title": "LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "88ee5874-cf24-4952-aea0-31affedb7ff2",
"assignerShortName": "Gitea",
"cveId": "CVE-2026-58423",
"datePublished": "2026-07-03T20:54:52.580Z",
"dateReserved": "2026-06-30T18:57:20.614Z",
"dateUpdated": "2026-07-06T15:09:55.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58399 (GCVE-0-2026-58399)
Vulnerability from cvelistv5 – Published: 2026-07-01 14:25 – Updated: 2026-07-02 14:26- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://github.com/antonio-castellon/module-auth/… | x_refsource_CONFIRM |
| https://github.com/antonio-castellon/module-auth/… | x_refsource_MISC |
| https://www.npmjs.com/package/@acastellon/auth/v/2.3.0 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| antonio-castellon | module-auth |
Affected:
< 2.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-58399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T14:25:47.187429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T14:26:00.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "module-auth",
"vendor": "antonio-castellon",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "@acastellon/auth is an authentication control system for microservices. Versions prior to 2.3.0 appear to allow an unauthenticated authentication bypass in validateToken() through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get(\u0027host\u0027).startsWith(getHostName()). Both values involved in the check can be influenced by an unauthenticated HTTP client: auth-user is a request header, and Host is also client-controlled. As a result, a remote unauthenticated attacker can send a request with crafted headers and bypass token validation before the normal legacy/JWT/OIDC validation logic runs. A fix has been implemented in v2.3.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T14:25:44.452Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/antonio-castellon/module-auth/security/advisories/GHSA-gfj5-979r-92pw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/antonio-castellon/module-auth/security/advisories/GHSA-gfj5-979r-92pw"
},
{
"name": "https://github.com/antonio-castellon/module-auth/issues/6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antonio-castellon/module-auth/issues/6"
},
{
"name": "https://www.npmjs.com/package/@acastellon/auth/v/2.3.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.npmjs.com/package/@acastellon/auth/v/2.3.0"
}
],
"source": {
"advisory": "GHSA-gfj5-979r-92pw",
"discovery": "UNKNOWN"
},
"title": "@acastellon/auth has an authentication bypass via spoofable headers in validateToken()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-58399",
"datePublished": "2026-07-01T14:25:44.452Z",
"dateReserved": "2026-06-30T18:19:58.378Z",
"dateUpdated": "2026-07-02T14:26:00.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58253 (GCVE-0-2026-58253)
Vulnerability from cvelistv5 – Published: 2026-07-08 19:43 – Updated: 2026-07-09 13:35- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://github.com/nats-io/nats-server/security/a… | x_refsource_CONFIRM |
| https://github.com/nats-io/nats-server/commit/7b8… | x_refsource_MISC |
| https://github.com/nats-io/nats-server/commit/8b8… | x_refsource_MISC |
| https://github.com/nats-io/nats-server/commit/b86… | x_refsource_MISC |
| https://github.com/nats-io/nats-server/releases/t… | x_refsource_MISC |
| https://github.com/nats-io/nats-server/releases/t… | x_refsource_MISC |
| https://github.com/nats-io/nats-server/releases/t… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| nats-io | nats-server |
Affected:
< 2.11.16
Affected: >= 2.12.0-preview.1, < 2.12.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-58253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T13:35:15.515260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T13:35:24.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nats-server",
"vendor": "nats-io",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.16"
},
{
"status": "affected",
"version": "\u003e= 2.12.0-preview.1, \u003c 2.12.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when no_auth_user was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an unauthenticated peer to bypass inter-server CONNECT authentication and operate with the privileges associated with that connection type. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T19:43:13.776Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-38x3-76xf-cq45",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-38x3-76xf-cq45"
},
{
"name": "https://github.com/nats-io/nats-server/commit/7b81dd455ea95960090a84858c7662827948d1b6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/commit/7b81dd455ea95960090a84858c7662827948d1b6"
},
{
"name": "https://github.com/nats-io/nats-server/commit/8b8e1ad4ceed32321e00d4fc6e76be05bc13bca6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/commit/8b8e1ad4ceed32321e00d4fc6e76be05bc13bca6"
},
{
"name": "https://github.com/nats-io/nats-server/commit/b86147e81710a52b72a7f7275f91d69f723f5cb3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/commit/b86147e81710a52b72a7f7275f91d69f723f5cb3"
},
{
"name": "https://github.com/nats-io/nats-server/releases/tag/v2.11.16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.11.16"
},
{
"name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.7"
},
{
"name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.0"
}
],
"source": {
"advisory": "GHSA-38x3-76xf-cq45",
"discovery": "UNKNOWN"
},
"title": "NATS Server: Route API Auth Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-58253",
"datePublished": "2026-07-08T19:43:13.776Z",
"dateReserved": "2026-06-29T21:54:30.330Z",
"dateUpdated": "2026-07-09T13:35:24.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-57216 (GCVE-0-2026-57216)
Vulnerability from cvelistv5 – Published: 2026-07-10 20:20 – Updated: 2026-07-13 14:01- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://github.com/rabbitmq/rabbitmq-server/secur… | x_refsource_CONFIRM |
| https://github.com/rabbitmq/rabbitmq-server/pull/15936 | x_refsource_MISC |
| https://github.com/rabbitmq/rabbitmq-server/pull/15940 | x_refsource_MISC |
| https://github.com/rabbitmq/rabbitmq-server/commi… | x_refsource_MISC |
| https://github.com/rabbitmq/rabbitmq-server/commi… | x_refsource_MISC |
| https://github.com/rabbitmq/rabbitmq-server/relea… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| rabbitmq | rabbitmq-server |
Affected:
>= 4.2.0, < 4.2.6
Affected: >= 4.1.0, < 4.1.11 Affected: >= 4.0.0, < 4.0.21 Affected: >= 3.13.0, < 3.13.15 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57216",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T14:00:50.887777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T14:01:23.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-36m6-588r-vqcw"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rabbitmq-server",
"vendor": "rabbitmq",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2.0, \u003c 4.2.6"
},
{
"status": "affected",
"version": "\u003e= 4.1.0, \u003c 4.1.11"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.21"
},
{
"status": "affected",
"version": "\u003e= 3.13.0, \u003c 3.13.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend listener is loopback-bound because the loopback check uses the listener-side socket address instead of the real client source. This issue is fixed in versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T20:20:33.269Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-36m6-588r-vqcw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-36m6-588r-vqcw"
},
{
"name": "https://github.com/rabbitmq/rabbitmq-server/pull/15936",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/pull/15936"
},
{
"name": "https://github.com/rabbitmq/rabbitmq-server/pull/15940",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/pull/15940"
},
{
"name": "https://github.com/rabbitmq/rabbitmq-server/commit/7273c9eb6920abcde17b892dbe97ccaf906ead47",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/commit/7273c9eb6920abcde17b892dbe97ccaf906ead47"
},
{
"name": "https://github.com/rabbitmq/rabbitmq-server/commit/9f8c39fcf0acbc43080ee7017a62a02832114112",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/commit/9f8c39fcf0acbc43080ee7017a62a02832114112"
},
{
"name": "https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.2.6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.2.6"
}
],
"source": {
"advisory": "GHSA-36m6-588r-vqcw",
"discovery": "UNKNOWN"
},
"title": "RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-57216",
"datePublished": "2026-07-10T20:20:33.269Z",
"dateReserved": "2026-06-24T02:21:33.810Z",
"dateUpdated": "2026-07-13T14:01:23.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Strategy: Libraries or Frameworks
Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.