Common Weakness Enumeration

CWE-305

Allowed

Authentication Bypass by Primary Weakness

Abstraction: Base · Status: Draft

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

281 vulnerabilities reference this CWE, most recent first.

CVE-2026-28536 (GCVE-0-2026-28536)

Vulnerability from cvelistv5 – Published: 2026-03-05 07:10 – Updated: 2026-03-05 15:17
VLAI
Summary
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
Huawei HarmonyOS Affected: 6.0.0
Affected: 5.1.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28536",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-05T15:16:54.435170Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-05T15:17:03.135Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HarmonyOS",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.0"
            },
            {
              "status": "affected",
              "version": "5.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality."
            }
          ],
          "value": "Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-05T07:10:39.237Z",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
        },
        {
          "url": "https://consumer.huawei.com/en/support/bulletinvision/2026/3/"
        },
        {
          "url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2026-28536",
    "datePublished": "2026-03-05T07:10:39.237Z",
    "dateReserved": "2026-02-28T03:58:12.087Z",
    "dateUpdated": "2026-03-05T15:17:03.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25555 (GCVE-0-2026-25555)

Vulnerability from cvelistv5 – Published: 2026-06-08 16:53 – Updated: 2026-07-14 15:53 X_Open Source
VLAI
Title
OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header
Summary
OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied header against an empty AdminApiKey default string to access the admin console and all API endpoints without valid credentials.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
Impacted products
Vendor Product Version
openbullet openbullet2 Affected: 0 , ≤ 0.3.2 (semver)
Create a notification for this product.
Date Public
2026-06-04 00:00
Credits
Maksim Rogov VulnCheck
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25555",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-08T17:48:55.557211Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-08T17:50:15.554Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageURL": "pkg:github/openbullet/openbullet2",
          "product": "openbullet2",
          "repo": "https://github.com/openbullet/openbullet2",
          "vendor": "openbullet",
          "versions": [
            {
              "lessThanOrEqual": "0.3.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maksim Rogov"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "VulnCheck"
        }
      ],
      "datePublic": "2026-06-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware\u0027s comparison of the supplied header against an empty AdminApiKey default string to access the admin console and all API endpoints without valid credentials."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T15:53:41.845Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://hackernoon.com/one-empty-header-to-admin-how-an-auth-bypass-breaks-openbullet2"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/openbullet2-authentication-bypass-via-x-api-key-header"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "x_open-source"
      ],
      "title": "OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-25555",
    "datePublished": "2026-06-08T16:53:37.270Z",
    "dateReserved": "2026-02-02T20:12:33.395Z",
    "dateUpdated": "2026-07-14T15:53:41.845Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22153 (GCVE-0-2026-22153)

Vulnerability from cvelistv5 – Published: 2026-02-10 15:39 – Updated: 2026-02-26 15:04
VLAI
Summary
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Improper access control
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.4 (semver)
    cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22153",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-11T04:56:21.036753Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:11.526Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.4",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-10T15:39:12.214Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-1052",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-1052"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to upcoming  FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.5 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2026-22153",
    "datePublished": "2026-02-10T15:39:12.214Z",
    "dateReserved": "2026-01-06T15:01:17.446Z",
    "dateUpdated": "2026-02-26T15:04:11.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20152 (GCVE-0-2026-20152)

Vulnerability from cvelistv5 – Published: 2026-04-15 16:03 – Updated: 2026-04-16 19:05
VLAI
Title
Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability
Summary
A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact to the Cisco Secure Web Appliance. However, as a result of exploiting this vulnerability, an attacker could send HTTP requests that should be restricted through the device.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Secure Web Appliance Affected: 11.8.0-453
Affected: 12.5.3-002
Affected: 12.0.3-007
Affected: 12.0.3-005
Affected: 14.1.0-032
Affected: 14.1.0-047
Affected: 14.1.0-041
Affected: 12.0.4-002
Affected: 14.0.2-012
Affected: 11.8.0-414
Affected: 12.0.1-268
Affected: 11.8.1-023
Affected: 11.8.3-021
Affected: 11.8.3-018
Affected: 12.5.1-011
Affected: 11.8.4-004
Affected: 12.5.2-007
Affected: 12.5.2-011
Affected: 14.5.0-498
Affected: 12.5.4-005
Affected: 12.5.4-011
Affected: 12.0.5-011
Affected: 14.0.3-014
Affected: 12.5.5-004
Affected: 12.5.5-005
Affected: 12.5.5-008
Affected: 14.0.4-005
Affected: 14.5.1-008
Affected: 14.5.1-016
Affected: 15.0.0-355
Affected: 15.0.0-322
Affected: 12.5.6-008
Affected: 15.1.0-287
Affected: 14.5.2-011
Affected: 15.2.0-116
Affected: 14.0.5-007
Affected: 15.2.0-164
Affected: 14.5.1-510
Affected: 12.0.2-012
Affected: 12.0.2-004
Affected: 14.5.1-607
Affected: 14.5.3-033
Affected: 15.0.1-004
Affected: 15.2.1-011
Affected: 14.5.0-673
Affected: 14.5.0-537
Affected: 12.0.1-334
Affected: 14.0.1-503
Affected: 14.0.1-053
Affected: 11.8.0-429
Affected: 14.0.1-040
Affected: 14.0.1-014
Affected: 12.5.1-043
Affected: 15.2.2-009
Affected: 15.2.3-007
Affected: 15.2.4-022
Affected: 15.2.5-011
Affected: 15.2.5-013
Affected: 14.6.0-108
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20152",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-15T16:47:46.764093Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-15T16:56:35.035Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Secure Web Appliance",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.8.0-453"
            },
            {
              "status": "affected",
              "version": "12.5.3-002"
            },
            {
              "status": "affected",
              "version": "12.0.3-007"
            },
            {
              "status": "affected",
              "version": "12.0.3-005"
            },
            {
              "status": "affected",
              "version": "14.1.0-032"
            },
            {
              "status": "affected",
              "version": "14.1.0-047"
            },
            {
              "status": "affected",
              "version": "14.1.0-041"
            },
            {
              "status": "affected",
              "version": "12.0.4-002"
            },
            {
              "status": "affected",
              "version": "14.0.2-012"
            },
            {
              "status": "affected",
              "version": "11.8.0-414"
            },
            {
              "status": "affected",
              "version": "12.0.1-268"
            },
            {
              "status": "affected",
              "version": "11.8.1-023"
            },
            {
              "status": "affected",
              "version": "11.8.3-021"
            },
            {
              "status": "affected",
              "version": "11.8.3-018"
            },
            {
              "status": "affected",
              "version": "12.5.1-011"
            },
            {
              "status": "affected",
              "version": "11.8.4-004"
            },
            {
              "status": "affected",
              "version": "12.5.2-007"
            },
            {
              "status": "affected",
              "version": "12.5.2-011"
            },
            {
              "status": "affected",
              "version": "14.5.0-498"
            },
            {
              "status": "affected",
              "version": "12.5.4-005"
            },
            {
              "status": "affected",
              "version": "12.5.4-011"
            },
            {
              "status": "affected",
              "version": "12.0.5-011"
            },
            {
              "status": "affected",
              "version": "14.0.3-014"
            },
            {
              "status": "affected",
              "version": "12.5.5-004"
            },
            {
              "status": "affected",
              "version": "12.5.5-005"
            },
            {
              "status": "affected",
              "version": "12.5.5-008"
            },
            {
              "status": "affected",
              "version": "14.0.4-005"
            },
            {
              "status": "affected",
              "version": "14.5.1-008"
            },
            {
              "status": "affected",
              "version": "14.5.1-016"
            },
            {
              "status": "affected",
              "version": "15.0.0-355"
            },
            {
              "status": "affected",
              "version": "15.0.0-322"
            },
            {
              "status": "affected",
              "version": "12.5.6-008"
            },
            {
              "status": "affected",
              "version": "15.1.0-287"
            },
            {
              "status": "affected",
              "version": "14.5.2-011"
            },
            {
              "status": "affected",
              "version": "15.2.0-116"
            },
            {
              "status": "affected",
              "version": "14.0.5-007"
            },
            {
              "status": "affected",
              "version": "15.2.0-164"
            },
            {
              "status": "affected",
              "version": "14.5.1-510"
            },
            {
              "status": "affected",
              "version": "12.0.2-012"
            },
            {
              "status": "affected",
              "version": "12.0.2-004"
            },
            {
              "status": "affected",
              "version": "14.5.1-607"
            },
            {
              "status": "affected",
              "version": "14.5.3-033"
            },
            {
              "status": "affected",
              "version": "15.0.1-004"
            },
            {
              "status": "affected",
              "version": "15.2.1-011"
            },
            {
              "status": "affected",
              "version": "14.5.0-673"
            },
            {
              "status": "affected",
              "version": "14.5.0-537"
            },
            {
              "status": "affected",
              "version": "12.0.1-334"
            },
            {
              "status": "affected",
              "version": "14.0.1-503"
            },
            {
              "status": "affected",
              "version": "14.0.1-053"
            },
            {
              "status": "affected",
              "version": "11.8.0-429"
            },
            {
              "status": "affected",
              "version": "14.0.1-040"
            },
            {
              "status": "affected",
              "version": "14.0.1-014"
            },
            {
              "status": "affected",
              "version": "12.5.1-043"
            },
            {
              "status": "affected",
              "version": "15.2.2-009"
            },
            {
              "status": "affected",
              "version": "15.2.3-007"
            },
            {
              "status": "affected",
              "version": "15.2.4-022"
            },
            {
              "status": "affected",
              "version": "15.2.5-011"
            },
            {
              "status": "affected",
              "version": "15.2.5-013"
            },
            {
              "status": "affected",
              "version": "14.6.0-108"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements.\r\n\r\nThis vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact to the Cisco Secure Web Appliance. However, as a result of exploiting this vulnerability, an attacker could send HTTP requests that should be restricted through the device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-16T19:05:18.524Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-wsa-auth-bypass-6YZkTQhd",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-auth-bypass-6YZkTQhd"
        }
      ],
      "source": {
        "advisory": "cisco-sa-wsa-auth-bypass-6YZkTQhd",
        "defects": [
          "CSCwr20696"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20152",
    "datePublished": "2026-04-15T16:03:43.828Z",
    "dateReserved": "2025-10-08T11:59:15.386Z",
    "dateUpdated": "2026-04-16T19:05:18.524Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10539 (GCVE-0-2026-10539)

Vulnerability from cvelistv5 – Published: 2026-07-01 07:55 – Updated: 2026-07-01 12:29
VLAI
Title
Unauthenticated command injection in Control-M/Server communication command
Summary
A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server.  This vulnerability affects Control-M/Server versions 9.0.20.x to 9.0.21.200 (included) and potentially earlier unsupported versions.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication bypass by primary weakness
Assigner
Impacted products
Vendor Product Version
BMC Control-M/Server Unaffected: 9.0.21.300 (semver)
Affected: 9.0.20 , ≤ 9.0.21.200 (semver)
Create a notification for this product.
Credits
Jean-Romain Garnier from [Airbus Security Lab](https://airbus-seclab.github.io) - <vuln@airbus.com> Quentin Liddell from [Airbus Security Lab](https://airbus-seclab.github.io) - <vuln@airbus.com>
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10539",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T12:25:47.650975Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T12:29:09.837Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Control-M/Server",
          "vendor": "BMC",
          "versions": [
            {
              "status": "unaffected",
              "version": "9.0.21.300",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.21.200",
              "status": "affected",
              "version": "9.0.20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jean-Romain Garnier from [Airbus Security Lab](https://airbus-seclab.github.io) - \u003cvuln@airbus.com\u003e"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Quentin Liddell from [Airbus Security Lab](https://airbus-seclab.github.io) - \u003cvuln@airbus.com\u003e"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThis vulnerability affects Control-M/Server versions 9.0.20.x to 9.0.21.200 (included) and potentially earlier unsupported versions.\u003c/p\u003e"
            }
          ],
          "value": "A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server.\u00a0\n\n\n\nThis vulnerability affects Control-M/Server versions 9.0.20.x to 9.0.21.200 (included) and potentially earlier unsupported versions."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.5,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication bypass by primary weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T07:55:00.615Z",
        "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "shortName": "airbus"
      },
      "references": [
        {
          "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA3cx000000GFZNCA4\u0026type=Solution"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Unauthenticated command injection in Control-M/Server communication command",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
    "assignerShortName": "airbus",
    "cveId": "CVE-2026-10539",
    "datePublished": "2026-07-01T07:55:00.615Z",
    "dateReserved": "2026-06-01T12:16:11.016Z",
    "dateUpdated": "2026-07-01T12:29:09.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9798 (GCVE-0-2026-9798)

Vulnerability from cvelistv5 – Published: 2026-05-28 04:37 – Updated: 2026-05-29 18:30
VLAI
Title
Keycloak: keycloak: brute-force protection bypass in ciba flow
Summary
A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication (CIBA) flow to bypass this brute-force protection. This allows continued authentication attempts and token issuance even when the account should be locked, potentially enabling further unauthorized access attempts.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
URL Tags
https://access.redhat.com/security/cve/CVE-2026-9798 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2482470 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
Create a notification for this product.
Date Public
2026-05-28 03:53
Credits
Red Hat would like to thank Evan Hendra (Independent Security Researcher) for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9798",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-29T18:29:49.249825Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-29T18:30:05.748Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Evan Hendra (Independent Security Researcher) for reporting this issue."
        }
      ],
      "datePublic": "2026-05-28T03:53:01.734Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication (CIBA) flow to bypass this brute-force protection. This allows continued authentication attempts and token issuance even when the account should be locked, potentially enabling further unauthorized access attempts."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-28T04:37:09.472Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-9798"
        },
        {
          "name": "RHBZ#2482470",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482470"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-28T03:49:51.972Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-05-28T03:53:01.734Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: keycloak: brute-force protection bypass in ciba flow",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue, ensure that Client-Initiated Backchannel Authentication (CIBA) is not enabled in Keycloak realms unless explicitly required. If CIBA is enabled, consider disabling it to prevent the bypass of brute-force protection mechanisms. Consult Keycloak documentation for instructions on managing CIBA configuration."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-305: Authentication Bypass by Primary Weakness"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-9798",
    "datePublished": "2026-05-28T04:37:09.472Z",
    "dateReserved": "2026-05-28T03:51:03.615Z",
    "dateUpdated": "2026-05-29T18:30:05.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9597 (GCVE-0-2026-9597)

Vulnerability from cvelistv5 – Published: 2026-07-13 08:17 – Updated: 2026-07-13 13:55
VLAI
Title
Deactivated guest accounts can authenticate via magic-link token in Mattermost REST API login endpoint
Summary
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation.. Mattermost Advisory ID: MMSA-2026-00681
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - – Authentication Bypass by Primary Weakness
Assigner
References
URL Tags
https://mattermost.com/security-updates vendor-advisory
Impacted products
Vendor Product Version
Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
Affected: 11.6.0 , ≤ 11.6.4 (semver)
Unaffected: 11.8.0
Unaffected: 11.7.3
Unaffected: 11.6.5
Create a notification for this product.
Credits
alimursaliyev
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-13T13:55:09.692643Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-13T13:55:15.448Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "11.7.2",
              "status": "affected",
              "version": "11.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.6.4",
              "status": "affected",
              "version": "11.6.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "11.8.0"
            },
            {
              "status": "unaffected",
              "version": "11.7.3"
            },
            {
              "status": "unaffected",
              "version": "11.6.5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "alimursaliyev"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation.. Mattermost Advisory ID: MMSA-2026-00681"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 \u2013 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-13T08:17:36.717Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "name": "MMSA-2026-00681",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2026-00681",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-68994"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Deactivated guest accounts can authenticate via magic-link token in Mattermost REST API login endpoint",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2026-9597",
    "datePublished": "2026-07-13T08:17:36.717Z",
    "dateReserved": "2026-05-26T15:15:14.343Z",
    "dateUpdated": "2026-07-13T13:55:15.448Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9571 (GCVE-0-2026-9571)

Vulnerability from cvelistv5 – Published: 2026-07-13 07:50 – Updated: 2026-07-15 04:00
VLAI
Title
Deactivated user accounts can continue to obtain valid OAuth access tokens via refresh token grant in Mattermost
Summary
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token grant endpoint.. Mattermost Advisory ID: MMSA-2026-00680
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - – Authentication Bypass by Primary Weakness
Assigner
References
URL Tags
https://mattermost.com/security-updates vendor-advisory
Impacted products
Vendor Product Version
Mattermost Mattermost Affected: 11.7.0 , ≤ 11.7.2 (semver)
Affected: 11.6.0 , ≤ 11.6.4 (semver)
Affected: 10.11.0 , ≤ 10.11.19 (semver)
Unaffected: 11.8.0
Unaffected: 11.7.3
Unaffected: 11.6.5
Unaffected: 10.11.20
Create a notification for this product.
Credits
kirs112
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9571",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-14T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T04:00:07.436Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "11.7.2",
              "status": "affected",
              "version": "11.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.6.4",
              "status": "affected",
              "version": "11.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.11.19",
              "status": "affected",
              "version": "10.11.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "11.8.0"
            },
            {
              "status": "unaffected",
              "version": "11.7.3"
            },
            {
              "status": "unaffected",
              "version": "11.6.5"
            },
            {
              "status": "unaffected",
              "version": "10.11.20"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "kirs112"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token grant endpoint.. Mattermost Advisory ID: MMSA-2026-00680"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 \u2013 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-13T07:50:55.793Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "name": "MMSA-2026-00680",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update Mattermost to versions 11.8.0, 11.7.3, 11.6.5, 10.11.20 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2026-00680",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-68982"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Deactivated user accounts can continue to obtain valid OAuth access tokens via refresh token grant in Mattermost",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2026-9571",
    "datePublished": "2026-07-13T07:50:55.793Z",
    "dateReserved": "2026-05-26T11:52:27.228Z",
    "dateUpdated": "2026-07-15T04:00:07.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9047 (GCVE-0-2026-9047)

Vulnerability from cvelistv5 – Published: 2026-05-22 15:18 – Updated: 2026-05-22 16:58
VLAI
Summary
Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-factor authentication after the user reconfigures their factors. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication bypass by primary weakness
Assigner
Impacted products
Vendor Product Version
Devolutions Server Affected: 2026.1.6.0 , ≤ 2026.1.16.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.6,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-9047",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-22T16:58:25.424737Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-22T16:58:40.924Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Server",
          "vendor": "Devolutions",
          "versions": [
            {
              "lessThanOrEqual": "2026.1.16.0",
              "status": "affected",
              "version": "2026.1.6.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user\u0027s password to bypass the user\u0027s multi-factor authentication after the user reconfigures their factors.\u003cp\u003eThis issue affects :\u003c/p\u003e\u003cul\u003e\u003cli\u003eDevolutions Server 2026.1.6.0 through 2026.1.16.0\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user\u0027s password to bypass the user\u0027s multi-factor authentication after the user reconfigures their factors.\n\nThis issue affects :\n\n  *  Devolutions Server 2026.1.6.0 through 2026.1.16.0"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication bypass by primary weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T15:18:39.966Z",
        "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
        "shortName": "DEVOLUTIONS"
      },
      "references": [
        {
          "url": "https://devolutions.net/security/advisories/DEVO-2026-0013/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
    "assignerShortName": "DEVOLUTIONS",
    "cveId": "CVE-2026-9047",
    "datePublished": "2026-05-22T15:18:39.966Z",
    "dateReserved": "2026-05-19T19:17:26.747Z",
    "dateUpdated": "2026-05-22T16:58:40.924Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6334 (GCVE-0-2026-6334)

Vulnerability from cvelistv5 – Published: 2026-05-18 06:33 – Updated: 2026-05-18 14:36
VLAI
Title
OAuth authorization code client binding not enforced during token redemption in Mattermost
Summary
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request.. Mattermost Advisory ID: MMSA-2026-00570
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - – Authentication Bypass by Primary Weakness
Assigner
References
URL Tags
https://mattermost.com/security-updates vendor-advisory
Impacted products
Vendor Product Version
Mattermost Mattermost Affected: 11.5.0 , ≤ 11.5.1 (semver)
Affected: 10.11.0 , ≤ 10.11.13 (semver)
Unaffected: 11.6.0
Unaffected: 11.5.2
Unaffected: 10.11.14
Create a notification for this product.
Credits
Dylan Haussermann
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6334",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-18T14:36:26.287945Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-18T14:36:36.905Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "11.5.1",
              "status": "affected",
              "version": "11.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.11.13",
              "status": "affected",
              "version": "10.11.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "11.6.0"
            },
            {
              "status": "unaffected",
              "version": "11.5.2"
            },
            {
              "status": "unaffected",
              "version": "10.11.14"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dylan Haussermann"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mattermost versions 11.5.x \u003c= 11.5.1, 10.11.x \u003c= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request.. Mattermost Advisory ID: MMSA-2026-00570"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 \u2013 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-18T06:33:56.008Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "name": "MMSA-2026-00570",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update Mattermost to versions 11.6.0, 11.5.2, 10.11.14 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2026-00570",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-67071"
        ],
        "discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
      },
      "title": "OAuth authorization code client binding not enforced during token redemption in Mattermost"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2026-6334",
    "datePublished": "2026-05-18T06:33:56.008Z",
    "dateReserved": "2026-04-15T08:55:52.710Z",
    "dateUpdated": "2026-05-18T14:36:36.905Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.