Authentication bypass | Breaking Cybersecurity News | The Hacker News

The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026. The vulnerability is a critical authentication bypass tracked as CVE-2026-20182 . It's rated 10.0 on the CVSS scoring system, indicating maximum severity. "Cisco Catalyst SD-WAN Controller and Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system," CISA said . In a separate advisory, Cisco attributed the active exploitation of CVE-2026-20182 with high confidence to UAT-8616 , the same cluster behind the weaponization of CVE-2026-20127 to gain unauthorized access to SD-WAN systems. "UAT-8616 performed similar post-compromise ...

Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182 , carries a CVSS score of 10.0. "A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system," Cisco said . The networking equipment major said the flaw stems from a malfunction of the peering authentication mechanism, which an attacker could exploit by sending crafted requests to the affected system. A successful exploit could permit the attacker to log in to the Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account, and then weaponize it to access NETCONF and manipulate network configuration f...

Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI , an open-source multi-agent orchestration framework, within four hours of its public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the API server's protected functionality without a token.  " PraisonAI ships a legacy Flask API server with authentication disabled by default," according to an advisory released by the maintainers earlier this month. "When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow through /chat without providing a token." Specifically, the legacy Flask-based API server, src/praisonai/api_server.py, hard-codes AUTH_ENABLED = False and AUTH_TOKEN = None. According to PraisonAI, successful exploitation of the...

A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940 , a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of the control panel. According to a new report from QiAnXin XLab, the security defect has been exploited by a number of threat actors shortly after its public disclosure late last month, resulting in malicious behaviors like cryptocurrency mining, ransomware, botnet propagation, and backdoor implantation. "Monitoring data shows that more than 2,000 attacker source IPs worldwide are currently involved in automated attacks and cybercrime activities targeting this vulnerability," XLab researchers said. "These IPs are distributed across multiple regions globally, primarily originating from Germ...

SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. The vulnerabilities in question listed below - CVE-2019-17571 (CVSS score: 9.8) - A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO) CVE-2026-27685 (CVSS score: 9.1) - An insecure deserialization vulnerability in SAP NetWeaver Enterprise Portal Administration "The application uses an outdated artifact of Apache Log4j 1.2.17 that is vulnerable to CVE-2019-17571," SAP security company Onapsis said . "It allows an unprivileged attacker to execute arbitrary code remotely on the server, causing high impact on confidentiality, integrity, and availability of the application." CVE-2026-27685, on the other hand, stems from missing or insufficient validation during the deserialization of uploaded content, which could allow an attacker to upload untrusted or malicious content...

A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001 . It was patched by SmarterTools on January 15, 2026, with Build 9511 , following responsible disclosure by the exposure management platform on January 8, 2026. Markus Wulftange of CODE WHITE GmbH, the finder has also been credited with reporting the same flaw. It has been described as an authentication bypass flaw that could allow any user to reset the SmarterMail system administrator password by means of a specially crafted HTTP request to the "/api/v1/auth/force-reset-password" endpoint. "The kicker of course being that said user is able to use RCE-as-a-feature functions to directly execute OS [operating system] commands," watchTowr Labs researchers Piotr Bazydlo and Sina Kheirkhah said. The problem ...

Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw affecting Instant On Access Points that could allow an attacker to bypass authentication and gain administrative access to susceptible systems. The vulnerability, tracked as CVE-2025-37103, carries a CVSS score of 9.8 out of a maximum of 10.0. "Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication," the company said in an advisory. "Successful exploitation could allow a remote attacker to gain administrative access to the system." Also patched by HPE is an authenticated command injection flaw in the command-line interface of the HPE Networking Instant On Access Points (CVE-2025-37102, CVSS score: 7.2) that a remote attacker could exploit with elevated permissions to run arbitrary commands on the underlying operating system as a privileged user. This also me...

Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network security and SD-WAN orchestration platform that could be exploited to take control of susceptible instances. It's worth noting that the identified shortcomings remain unpatched despite responsible disclosure on February 13, 2025, prompting a public release of the issues following the end of the 90-day deadline. "These vulnerabilities, when chained together, could allow an attacker to fully compromise both the application and the underlying host system," ProjectDiscovery researchers Harsh Jaiswal, Rahul Maini, and Parth Malhotra said in a report shared with The Hacker News. The security defects are listed below - CVE-2025-34025 (CVSS score: 8.6) - A privilege escalation and Docker container escape vulnerability that's caused by unsafe default mounting of host binary paths and could be exploited to gain code execution on the underlying host m...

A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could grant an attacker to remotely gain full administrative access to a susceptible site. The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. The software is installed on over 4 million WordPress sites.  "The vulnerability is scriptable, meaning that it can be turned into a large-scale automated attack, targeting WordPress websites," Wordfence security researcher István Márton said . Following responsible disclosure on November 6, 2024, the shortcoming has been patched in version 9.1.2 released a week later. This risk of possible abuse has prompted the plugin maintainers to work with WordPress to force-update all sites running this plugin prior to public disclosure. According to Wordfence, the authentication bypass vulnerabilit...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2024-7593 (CVSS score: 9.8), which could be exploited by a remote unauthenticated attacker to bypass the authentication of the admin panel and create rogue administrative users. "Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account," CISA said. The issue was patched by Ivanti in vTM versions 22.2R1, 22.3R3, 22.5R2, 22.6R2, and 22.7R2 in August 2024. The agency did not reveal any specifics on how the shortcoming is being weaponized in real-world attacks and who may be behind them, but Ivanti had previously noted that a proof-of-concept (PoC) is publicly available. In light...

Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve an authentication bypass and create rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 out of a maximum of 10.0. "Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel," the company said in an advisory. It impacts the following versions of vTM - 22.2 (fixed in version 22.2R1) 22.3 (fixed in version 22.3R3, available week of August 19, 2024) 22.3R2 (fixed in version 22.3R3, available week of August 19, 2024) 22.5R1 (fixed in version 22.5R2, available week of August 19, 2024) 22.6R1 (fixed in version 22.6R2, available week of August 19, 2024) 22.7R1 (fixed in version 22.7R2) As temporary mitigation, Ivanti is recommending customers to limit admin access to th...

A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow threat actors to achieve remote code execution on affected instances. Tracked as CVE-2024-38856 , the flaw has a CVSS score of 9.8 out of a maximum of 10.0. It affects Apache OFBiz versions prior to 18.12.15. "The root cause of the vulnerability lies in a flaw in the authentication mechanism," SonicWall, which discovered and reported the shortcoming, said in a statement. "This flaw allows an unauthenticated user to access functionalities that generally require the user to be logged in, paving the way for remote code execution." CVE-2024-38856 is also a patch bypass for CVE-2024-36104 , a path traversal vulnerability that was addressed in early June with the release of 18.12.14. SonicWall described the flaw as residing in the override view functionality that exposes critical endpoi...

Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity. “An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device,” the company said in an advisory issued last week. According to Juniper Networks, the shortcoming affects only those routers or conductors that are running in high-availability redundant configurations. The list of impacted devices is listed below - Session Smart Router (all versions before 5.6.15, from 6.0 before 6.1.9-lts, and from 6.2 before 6.2.5-sts) Session Smart Conductor (all versions before 5.6.15, from 6.0 before 6.1.9-lts, and from 6.2 before 6.2.5-sts) W...

ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080 , the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device," according to a description of the flaw shared by the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC). Also patched by the Taiwanese company is a high-severity buffer overflow flaw tracked as CVE-2024-3079 (CVSS score: 7.2) that could be weaponized by remote attackers with administrative privileges to execute arbitrary commands on the device. In a hypothetical attack scenario, a bad actor could fashion CVE-2024-3080 and CVE-2024-3079 into an exploit chain in order to sidestep authentication and execute malicious code on susceptible devices. Both the shor...

Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users. The issue, tracked as CVE-2024-4358 , carries a CVSS score of 9.8 out of a maximum of 10.0. "In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability," the company said in an advisory. The shortcoming has been addressed in Report Server 2024 Q2 (10.1.24.514). Sina Kheirkhah of Summoning Team, who is credited with discovering and reporting the flaw, described it as a "very simple" bug that could be exploited by a "remote unauthenticated attacker to create an administrator user and login." Besides updating to the latest version, Progress Software is urging cust...

Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous  Mirai botnet . That's according to  findings  from Juniper Threat Labs, which said the vulnerabilities  CVE-2023-46805 and CVE-2024-21887  have been leveraged to deliver the botnet payload. While CVE-2023-46805 is an authentication bypass flaw, CVE-2024-21887 is a command injection vulnerability, thereby allowing an attacker to chain the two into an exploit chain to execute arbitrary code and take over susceptible instances. In the attack chain observed by the network security company, CVE-2023-46805 is exploited to gain access to the "/api/v1/license/key-status/;" endpoint, which is vulnerable to command injection, and inject the payload. As  previously outlined  by Assetnote in their technical deep dive of the CVE-2024-21887, the exploit is triggered by means of a request to "/api/v1/totp/user-backup-code/" to deplo...

Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which  said  the flaws have been weaponized since the start of April 2024. OpenMetadata is an  open-source platform  that operates as a metadata management tool, offering a unified solution for data asset discovery, observability, and governance. The flaws in question – all discovered and credited to security researcher Alvaro Muñoz – are listed below - CVE-2024-28847  (CVSS score: 8.8) - A Spring Expression Language (SpEL) injection vulnerability in PUT /api/v1/events/subscriptions (fixed in version 1.2.4) CVE-2024-28848  (CVSS score: 8.8) - A SpEL injection vulnerability in GET /api/v1/policies/validation/condition/<expr> (fixed in version 1.2.4) CVE-2024-28253  (CVSS score: 8.8) - A SpEL injecti...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday  added  a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.8), refers to an authentication bypass bug that allows for a  complete compromise  of a susceptible server by a remote unauthenticated attacker. It was addressed by JetBrains earlier this week alongside CVE-2024-27199 (CVSS score: 7.3), another moderate-severity authentication bypass flaw that allows for a "limited amount" of information disclosure and system modification. “The vulnerabilities may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server,” the company  noted  at the time. Threat actors have been observed weaponizing t...

Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password. The vulnerabilities, tracked as CVE-2023-52160 and CVE-2023-52161, have been discovered following a security evaluation of  wpa_supplicant  and Intel's iNet Wireless Daemon ( IWD ), respectively. The flaws "allow attackers to trick victims into connecting to malicious clones of trusted networks and intercept their traffic, and join otherwise secure networks without needing the password," Top10VPN  said  in a new research conducted in collaboration with Mathy Vanhoef, who has previously uncovered Wi-Fi attacks like  KRACK ,  DragonBlood , and  TunnelCrack . CVE-2023-52161, in particular, permits an adversary to gain unauthorized access to a protected Wi-Fi ne...