CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CVE-2026-50623 (GCVE-0-2026-50623)
Vulnerability from cvelistv5 – Published: 2026-06-12 08:52 – Updated: 2026-06-16 13:19 – CWE-287 - Improper Authentication
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache CXF | Affected: 4.2.0, < 4.2.2 (semver); Affected: 0, < 4.1.7 (semver) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-12T09:27:59.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/06/11/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-50623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-13T03:55:33.556791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T13:19:26.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.cxf:cxf-rt-rs-security-oauth2",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.2.2",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThan": "4.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Guanping Zhang reported this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF.\u0026nbsp;Due to a missing \u0027throw\u0027 keyword in the security context check, the introspection endpoint (/services/oauth2/introspect) can be accessed by any unauthenticated network attacker. However note that this is a safeguard only in the case that someone forgot to enable authentication on the service.\u0026nbsp;Users are recommended to upgrade to version 4.2.2 or 4.1.7, which fixes this issue.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF.\u00a0Due to a missing \u0027throw\u0027 keyword in the security context check, the introspection endpoint (/services/oauth2/introspect) can be accessed by any unauthenticated network attacker. However note that this is a safeguard only in the case that someone forgot to enable authentication on the service.\u00a0Users are recommended to upgrade to version 4.2.2 or 4.1.7, which fixes this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T08:52:05.767Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/ydzj8m5mqmjy13xgyj9mkk9hfff63qq7"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-50623",
"datePublished": "2026-06-12T08:52:05.767Z",
"dateReserved": "2026-06-05T10:20:37.692Z",
"dateUpdated": "2026-06-16T13:19:26.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50751 (GCVE-0-2026-50751)
Vulnerability from cvelistv5 – Published: 2026-06-08 11:07 – Updated: 2026-06-10 13:37 – CWE-287 - Improper Authentication.
| URL | Tags |
|---|---|
| https://support.checkpoint.com/results/sk/sk185033 | |
| https://blog.checkpoint.com/security/check-point-… | vendor-advisory |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | Quantum Security Gateway | Affected: R82.10 with Jumbo Hotfix Take 19 or below; Affected: R82 with Jumbo Hotfix Take 103 or below; Affected: R81.20 with Jumbo Hotfix Take 141 or below; Affected: R81.10, R81, and R80.40 | |
| checkpoint | Spark Firewalls | Affected: R80.20.X, R81.10.X, and R82.00.X | |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-50751",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T03:55:36.834802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-06-08",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-50751"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T13:37:27.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-50751"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Quantum Security Gateway",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "R82.10 with Jumbo Hotfix Take 19 or below"
},
{
"status": "affected",
"version": "R82 with Jumbo Hotfix Take 103 or below"
},
{
"status": "affected",
"version": "R81.20 with Jumbo Hotfix Take 141 or below"
},
{
"status": "affected",
"version": "R81.10, R81, and R80.40"
}
]
},
{
"product": "Spark Firewalls",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "R80.20.X, R81.10.X, and R82.00.X"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password."
}
],
"metrics": [
{
"format": "CVSS",
"other": {
"content": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"type": "CVSSv4.0"
},
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T11:07:15.746Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk185033"
}
],
"title": "User Authentication Bypass in VPN Remote Access and Mobile Access"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2026-50751",
"datePublished": "2026-06-08T11:07:15.746Z",
"dateReserved": "2026-06-07T09:42:08.251Z",
"dateUpdated": "2026-06-10T13:37:27.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5076 (GCVE-0-2026-5076)
Vulnerability from cvelistv5 – Published: 2026-06-02 18:30 – Updated: 2026-06-02 20:56 – CWE-287 - Improper Authentication
| Vendor | Product | Version | |
|---|---|---|---|
| armember | ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Affected: 0, ≤ 7.3.1 (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T20:31:48.636699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T20:56:08.662Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ARMember Premium \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile \u0026 User signup",
"vendor": "armember",
"versions": [
{
"lessThanOrEqual": "7.3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ph\u00fa"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the `arm_reset_password_key` user meta field when a user requests a password reset. This is in addition to the hashed key that WordPress core stores securely in `wp_users.user_activation_key`. The plaintext key stored in `wp_usermeta` can be used with the plugin\u0027s custom `armrp` reset action to set a new password for any user. Combined with another vulnerability such as SQL Injection (CVE-2026-5073, CVE-2026-5074), this makes it possible for unauthenticated attackers to extract the plaintext reset key and take over any user account, including administrators."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T18:30:46.269Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6b15eca5-fd47-4f8f-8ade-3a90e0bfc110?source=cve"
},
{
"url": "https://codecanyon.net/item/armember-complete-wordpress-membership-system/17785056"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-13T18:51:02.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-06-02T05:30:45.000Z",
"value": "Disclosed"
}
],
"title": "ARMember Premium \u003c= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-5076",
"datePublished": "2026-06-02T18:30:46.269Z",
"dateReserved": "2026-03-28T13:25:02.784Z",
"dateUpdated": "2026-06-02T20:56:08.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5229 (GCVE-0-2026-5229)
Vulnerability from cvelistv5 – Published: 2026-05-15 07:46 – Updated: 2026-05-15 13:27 – CWE-287 - Improper Authentication
| Vendor | Product | Version | |
|---|---|---|---|
| m615926 | Receive Notifications After Form Submitting – Form Notify for Any Forms | Affected: 0, ≤ 1.1.10 (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T13:16:05.665357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:27:33.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Receive Notifications After Form Submitting \u2013 Form Notify for Any Forms",
"vendor": "m615926",
"versions": [
{
"lessThanOrEqual": "1.1.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn\u0027t provide an email address (which is common), the plugin falls back to reading the \u0027form_notify_line_email\u0027 cookie value without verifying that the LINE account is associated with that email address. This makes it possible for unauthenticated attackers to gain access to any user account on the site, including administrator accounts, by completing a LINE OAuth flow with their own LINE account while injecting a malicious cookie containing the target victim\u0027s email address."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T07:46:36.949Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f0a7d6f-9b95-4052-bab3-85aca01f6ab7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/form-notify/trunk/src/APIs/Line/Login/User.php#L72"
},
{
"url": "https://plugins.trac.wordpress.org/browser/form-notify/tags/1.1.08/src/APIs/Line/Login/User.php#L72"
},
{
"url": "https://plugins.trac.wordpress.org/browser/form-notify/trunk/src/APIs/Line/Login/Route.php#L116-L118"
},
{
"url": "https://plugins.trac.wordpress.org/browser/form-notify/tags/1.1.08/src/APIs/Line/Login/Route.php#L116-L118"
},
{
"url": "https://plugins.trac.wordpress.org/browser/form-notify/trunk/src/APIs/Line/Login/User.php#L53"
},
{
"url": "https://plugins.trac.wordpress.org/browser/form-notify/tags/1.1.08/src/APIs/Line/Login/User.php#L53"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3517908%40form-notify\u0026new=3517908%40form-notify\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://github.com/oberonlai/form-notify/commit/5eab0ea"
},
{
"url": "https://github.com/oberonlai/form-notify/commit/9780764"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-14T03:50:43.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-05-14T18:59:36.000Z",
"value": "Disclosed"
}
],
"title": "Receive Notifications After Form Submitting \u2013 Form Notify for Any Forms \u003c= 1.1.10 - Unauthenticated Authentication Bypass via LINE OAuth Callback"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-5229",
"datePublished": "2026-05-15T07:46:36.949Z",
"dateReserved": "2026-03-31T13:24:44.823Z",
"dateUpdated": "2026-05-15T13:27:33.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-52830 (GCVE-0-2026-52830)
Vulnerability from cvelistv5 – Published: 2026-07-02 20:39 – Updated: 2026-07-02 20:39
| URL | Tags |
|---|---|
| https://web.archive.org/web/20250926152207/https:… | x_refsource_CONFIRM |
| https://github.com/advisories/GHSA-rxw2-pc8j-vxwm | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| leshchenko1979 | fast-mcp-telegram | Affected: < 0.19.1 | |
{
"containers": {
"cna": {
"affected": [
{
"product": "fast-mcp-telegram",
"vendor": "leshchenko1979",
"versions": [
{
"status": "affected",
"version": "\u003c 0.19.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checking whether the session file exists. A remote HTTP client can therefore authenticate as the default legacy session with a token such as ../fast-mcp-telegram/telegram when the documented default session file ~/.config/fast-mcp-telegram/telegram.session exists. This bypasses the reserved session name control that is intended to prevent HTTP multi-user sessions from colliding with the default stdio or legacy account. With account-prefixed MCP tools enabled, the attacker still sees and calls the prefixed tools for the default account, so the prefix middleware does not stop the session selection bypass. This vulnerability is fixed in 0.19.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T20:39:35.927Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://web.archive.org/web/20250926152207/https://github.com/leshchenko1979/fast-mcp-telegram",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web.archive.org/web/20250926152207/https://github.com/leshchenko1979/fast-mcp-telegram"
},
{
"name": "https://github.com/advisories/GHSA-rxw2-pc8j-vxwm",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/advisories/GHSA-rxw2-pc8j-vxwm"
}
],
"source": {
"advisory": "GHSA-rxw2-pc8j-vxwm",
"discovery": "UNKNOWN"
},
"title": "fast-mcp-telegram: Bearer token path traversal bypasses reserved Telegram session protection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-52830",
"datePublished": "2026-07-02T20:39:35.927Z",
"dateReserved": "2026-06-08T18:11:06.662Z",
"dateUpdated": "2026-07-02T20:39:35.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-52845 (GCVE-0-2026-52845)
Vulnerability from cvelistv5 – Published: 2026-06-23 17:52 – Updated: 2026-06-30 12:09
| URL | Tags |
|---|---|
| https://github.com/caddyserver/caddy/security/adv… | x_refsource_CONFIRM |
| https://access.redhat.com/security/cve/CVE-2026-52845 | vdb-entry, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2491907 | issue-tracking, x_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| Vendor | Product | Version | |
|---|---|---|---|
| caddyserver | caddy | Affected: < 2.11.4 | |
| Red Hat | Red Hat Hardened Images | cpe:/a:redhat:hummingbird:1 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-52845",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-24T14:25:18.472130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T14:26:28.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/caddyserver/caddy/security/advisories/GHSA-f59h-q822-g45g"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
}
],
"datePublic": "2026-06-23T17:52:01.871Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Caddy, an extensible server platform. A remote attacker can exploit a vulnerability in the `forward_auth` `copy_headers` functionality. This occurs because Caddy normalizes HTTP headers into Common Gateway Interface (CGI) variables by replacing hyphens with underscores, allowing a client to send an underscore alias that bypasses the header deletion step. This enables the remote attacker to inject or override identity and group headers trusted by PHP/FastCGI applications operating behind Caddy."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:09:47.929Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-52845"
},
{
"name": "RHBZ#2491907",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491907"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-52845.json"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-23T19:02:21.968Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-23T17:52:01.871Z",
"value": "Made public."
}
],
"title": "github.com/caddyserver/caddy: Caddy: Remote client can inject or override identity headers via header normalization",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "caddy",
"vendor": "caddyserver",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through php_fastcgi, Caddy normalizes HTTP headers into CGI variables by replacing - with _. This lets a client send an underscore alias that survives the forward_auth delete step but becomes the same PHP/FastCGI variable. Result: a remote client can inject or sometimes override identity/group headers trusted by PHP/FastCGI applications behind Caddy. This vulnerability is fixed in 2.11.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T17:52:01.871Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/caddyserver/caddy/security/advisories/GHSA-f59h-q822-g45g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/caddyserver/caddy/security/advisories/GHSA-f59h-q822-g45g"
}
],
"source": {
"advisory": "GHSA-f59h-q822-g45g",
"discovery": "UNKNOWN"
},
"title": "Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-52845",
"datePublished": "2026-06-23T17:52:01.871Z",
"dateReserved": "2026-06-08T18:41:27.724Z",
"dateUpdated": "2026-06-30T12:09:47.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5320 (GCVE-0-2026-5320)
Vulnerability from cvelistv5 – Published: 2026-04-02 03:45 – Updated: 2026-04-02 13:32
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/354652 | vdb-entry |
| https://vuldb.com/vuln/354652/cti | signature, permissions-required |
| https://vuldb.com/submit/780727 | third-party-advisory |
| https://github.com/August829/CVEP/issues/13 | exploit, issue-tracking |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5320",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T13:24:26.747490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T13:32:13.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Chat API Endpoint"
],
"product": "vanna",
"vendor": "vanna-ai",
"versions": [
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "2.0.1"
},
{
"status": "affected",
"version": "2.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yu_Bao (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:45:11.517Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-354652 | vanna-ai vanna Chat API Endpoint v2 missing authentication",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/354652"
},
{
"name": "VDB-354652 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/354652/cti"
},
{
"name": "Submit #780727 | vanna-ai vanna 2.0.2 Missing Authentication on All API Endpoints",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/780727"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/August829/CVEP/issues/13"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-01T15:05:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "vanna-ai vanna Chat API Endpoint v2 missing authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5320",
"datePublished": "2026-04-02T03:45:11.517Z",
"dateReserved": "2026-04-01T13:00:08.204Z",
"dateUpdated": "2026-04-02T13:32:13.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54089 (GCVE-0-2026-54089)
Vulnerability from cvelistv5 – Published: 2026-06-25 17:46 – Updated: 2026-06-25 18:33
| URL | Tags |
|---|---|
| https://github.com/filebrowser/filebrowser/securi… | x_refsource_CONFIRM |
| https://github.com/filebrowser/filebrowser/blob/m… | x_refsource_MISC |
| https://github.com/filebrowser/filebrowser/blob/m… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| filebrowser | filebrowser | Affected: >= 2.0.0-rc.1 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54089",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T18:33:12.379285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T18:33:37.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-xqp3-jq6g-x3qm"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "filebrowser",
"vendor": "filebrowser",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0-rc.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication (auth.method=proxy), any unauthenticated attacker who can reach the server directly can impersonate any user - including admin - by sending a single forged HTTP header. No credentials are required. Additionally, specifying a non-existent username causes the server to automatically create a new user account, providing an account creation primitive with no authorization. This is an already known issue that has been documented in the documentation for several years, but has not been documented as a vulnerability before."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T17:46:13.119Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-xqp3-jq6g-x3qm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-xqp3-jq6g-x3qm"
},
{
"name": "https://github.com/filebrowser/filebrowser/blob/main/auth/proxy.go",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/filebrowser/filebrowser/blob/main/auth/proxy.go"
},
{
"name": "https://github.com/filebrowser/filebrowser/blob/main/http/auth.go#L121-L137",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/filebrowser/filebrowser/blob/main/http/auth.go#L121-L137"
}
],
"source": {
"advisory": "GHSA-xqp3-jq6g-x3qm",
"discovery": "UNKNOWN"
},
"title": "File Browser: Authentication Bypass via Proxy Auth Header Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54089",
"datePublished": "2026-06-25T17:46:13.119Z",
"dateReserved": "2026-06-11T18:44:47.761Z",
"dateUpdated": "2026-06-25T18:33:37.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54320 (GCVE-0-2026-54320)
Vulnerability from cvelistv5 – Published: 2026-06-23 18:11 – Updated: 2026-06-24 14:28
| URL | Tags |
|---|---|
| https://github.com/daytonaio/daytona/security/adv… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-24T14:28:12.345394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T14:28:38.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "daytona",
"vendor": "daytonaio",
"versions": [
{
"status": "affected",
"version": "\u003c 0.184.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted (and declined) by a user whose email matched the invitation but had not been verified. Daytona authenticates users via OIDC and matches an invitation\u0027s target email against the email in the caller\u0027s token, but the invitation accept and decline paths did not require that email to be verified, unlike organization creation, which already enforced verification. On identity providers that allow self-service signup and issue a session before the email is verified, an actor could register an address matching a pending invitation, leave it unverified, and accept the invitation, joining the target organization with the role the invitation carried (up to Owner). This vulnerability is fixed in 0.184.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T18:11:19.369Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/daytonaio/daytona/security/advisories/GHSA-m6hx-cffh-3f3h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/daytonaio/daytona/security/advisories/GHSA-m6hx-cffh-3f3h"
}
],
"source": {
"advisory": "GHSA-m6hx-cffh-3f3h",
"discovery": "UNKNOWN"
},
"title": "Daytona: Cross-tenant organization takeover via invitation acceptance with an unverified email"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54320",
"datePublished": "2026-06-23T18:11:19.369Z",
"dateReserved": "2026-06-12T18:42:02.223Z",
"dateUpdated": "2026-06-24T14:28:38.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5557 (GCVE-0-2026-5557)
Vulnerability from cvelistv5 – Published: 2026-04-05 09:45 – Updated: 2026-04-06 14:50
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355327 | vdb-entry |
| https://vuldb.com/vuln/355327/cti | signature, permissions-required |
| https://vuldb.com/submit/782879 | third-party-advisory |
| https://github.com/August829/CVEP/issues/28 | exploit, issue-tracking |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5557",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T14:33:56.834843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T14:50:53.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"pi-mom Slack Bot"
],
"product": "pi-mono",
"vendor": "badlogic",
"versions": [
{
"status": "affected",
"version": "0.58.0"
},
{
"status": "affected",
"version": "0.58.1"
},
{
"status": "affected",
"version": "0.58.2"
},
{
"status": "affected",
"version": "0.58.3"
},
{
"status": "affected",
"version": "0.58.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yu Bao (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Authentication Bypass Using Alternate Channel",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-05T09:45:15.859Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355327 | badlogic pi-mono pi-mom Slack Bot slack.ts authentication bypass",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/355327"
},
{
"name": "VDB-355327 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355327/cti"
},
{
"name": "Submit #782879 | badlogic pi-mono 0.58.4 Unauthenticated Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782879"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/August829/CVEP/issues/28"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T15:55:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "badlogic pi-mono pi-mom Slack Bot slack.ts authentication bypass"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5557",
"datePublished": "2026-04-05T09:45:15.859Z",
"dateReserved": "2026-04-04T13:50:06.661Z",
"dateUpdated": "2026-04-06T14:50:53.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principal or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST (REpresentational State Transfer)-style application's trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unauthorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability to execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.