Auth Bypass
91 entries
Every Auth Bypass entry VulnWatch has indexed, sorted by publication date.
Subscribe to this tag's RSS feed
CVE-2026-41495: n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests...
Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search
# Unauthorized File and Knowledge Base Content Access via RAG Vector Search ## Affected Component RAG source resolution in chat completion pipeline: - `backend/open_webui/retrieval/utils.py` (lines...
Open WebUI's Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show
# Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show ## Affected Component Ollama proxy endpoints missing model access control: - `backend/open_webui/ro...
Open WebUI's responses passthrough endpoint lacks access control authorization
## Summary The /responses endpoint in the OpenAI router accepts any authenticated user and forwards requests directly to upstream LLM providers without enforcing per-model access control. While the p...
Open WebUI's Base Model Routing Bypasses Access Control via Model Chaining
# Base Model Routing Bypasses Access Control via Model Chaining ## Affected Component Model chaining via `base_model_id`: - `backend/open_webui/routers/models.py` (lines 170-214, `create_new_model`)...
CVE-2026-41487: Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, the
Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An au...
opentelemetry-collector-contrib's azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay
### Summary A server-side authentication bypass in `azureauthextension` allows any party who holds a single valid Azure access token for *any scope the collector's configured identity can mint for* t...
Nginx-UI Settings API Exposes Protected Secrets
### Summary The `GetSettings` API handler (`api/settings/settings.go:24-65`) serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with `pro...
CVE-2026-41950: Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the fu
Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying...
Pelican Web UI Affected by a Privilege Escalation Attack
## Background On April 2nd, 2026, a Claude coding agent alerted Pelican PI Brian Bockelman to a privilege escalation vulnerability affecting Pelican's Web User Interface (WebUI) for various versions...
n8n Vulnerable to XSS via MCP OAuth client
## Impact An unauthenticated attacker could register a malicious MCP OAuth client with a crafted `client_name`. If a victim user authorized the OAuth consent dialog and a second user subsequently revo...
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfor...
CVE-2026-41273: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contain
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker...
CVE-2026-41208: Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @papercl
Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability tha...
Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows
On Windows, Claude Code loaded system-wide default configuration from `C:\ProgramData\ClaudeCode\managed-settings.json` without validating directory ownership or access permissions. Because the `Progr...
Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution
### Summary Paperclip contains a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip server host. An attacker with an age...
Flowise: resetPassword Authentication Bypass Vulnerability
ZDI-CAN-28762: Flowise AccountService resetPassword Authentication Bypass Vulnerability -- ABSTRACT ------------------------------------- Trend Micro's Zero Day Initiative has identified a vulnerabi...
Expression Injection in OpenRemote
### Summary The OpenRemote IoT platform's rules engine contains two interrelated critical expression injection vulnerabilities that allow an attacker to execute arbitrary code on the server, ultimatel...
excel-mcp-server has a Path Traversal issue
## Summary A path traversal vulnerability exists in [`excel-mcp-server`](https://github.com/haris-musa/excel-mcp-server) versions up to and including `0.1.7`. When running in SSE or Streamable-HTTP t...
LiteLLM: Password hash exposure and pass-the-hash authentication bypass
### Impact Three issues combine into a full authentication bypass chain: 1. Weak hashing: User passwords are stored as unsalted SHA-256 hashes, making them vulnerable to rainbow table attacks and tr...
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given expe...
PYSEC-2026-94
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given expe...
LiteLLM: Authentication bypass via OIDC userinfo cache key collision
### Impact When JWT authentication is enabled (`enable_jwt_auth: true`), the OIDC userinfo cache uses `token[:20]` as the cache key. JWT headers produced by the same signing algorithm generate ident...
LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint
### Impact The `/config/update endpoint` does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to do the following: - Modify p...
mlflow: FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization
In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the `basic-auth` app is enabled. This vulnerability affects the lates...