CWE-288
Authentication Bypass Using an Alternate Path or Channel
Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Top Monitored CVEs
CVE-2023-42793
CRITICAL
KEV
9.8
100.0%
2023-09-19
CVE-2024-1709
CRITICAL
KEV
10.0
100.0%
2024-02-21
CVE-2024-27198
CRITICAL
KEV
9.8
99.9%
2024-03-04
CVE-2025-4427
HIGH
KEV
7.5
99.9%
2025-05-13
CVE-2024-55591
CRITICAL
KEV
9.6
98.3%
2025-01-14
CVE-2023-46747
CRITICAL
KEV
9.8
96.5%
2023-10-26
CVE-2026-23760
CRITICAL
KEV
9.8
96.3%
2026-01-22
CVE-2025-57819
CRITICAL
KEV
9.8
93.3%
2025-08-28
CVE-2025-2747
CRITICAL
KEV
9.8
92.2%
2025-03-24
CVE-2020-10148
CRITICAL
KEV
9.8
92.0%
2020-12-29
Consequences
Access Control
—
Bypass Protection Mechanism
Mitigations
Phase: Architecture and Design
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.