CWE•Base•Incomplete•20 recent CVEs
CWE-288Authentication Bypass Using an Alternate Path or Channel
Description
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Common consequences
- Access Control→Bypass Protection Mechanism
Potential mitigations
- Architecture and DesignFunnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
Related CWEs
Recent CVEs classified under this CWE
CVE-2026-54158.82026-06-05CVE-2026-361756.82026-06-04CVE-2026-426547.12026-06-02CVE-2026-407807.52026-06-02CVE-2026-455772026-05-29CVE-2025-412739.82026-05-29CVE-2026-86978.82026-05-28CVE-2026-89902026-05-28CVE-2026-350902026-05-27CVE-2026-350872026-05-27CVE-2026-427607.52026-05-27CVE-2026-427497.12026-05-27CVE-2026-427457.32026-05-27CVE-2026-427358.22026-05-27CVE-2025-687112.42026-05-26CVE-2025-687082.42026-05-26CVE-2025-687102.42026-05-26CVE-2026-452176.52026-05-25CVE-2026-338439.12026-05-22CVE-2026-85989.12026-05-20