CWE-288: Authentication Bypass Using an Alternate Path or Channel
low-riskThe product requires authentication, but the product has an alternate path or channel that does not require authentication.
Abstraction: Base
Common Consequences
Access Control
→
Bypass Protection Mechanism
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2023-46747 | 9.8 | 94.4% | Y |
| CVE-2020-10148 | 9.8 | 94.3% | Y |
| CVE-2024-1709 | 10.0 | 94.3% | Y |
| CVE-2024-55591 | 9.8 | 94.2% | Y |
| CVE-2024-10924 | 9.8 | 93.9% | — |
| CVE-2024-27198 | 9.8 | 93.0% | Y |
| CVE-2023-42793 | 9.8 | 92.9% | Y |
| CVE-2024-9989 | 9.8 | 92.6% | — |
| CVE-2023-2986 | 9.8 | 91.4% | — |
| CVE-2025-4427 | 5.3 | 91.3% | Y |
18
/ 100
low-risk
Active Threat
15/50 · Low
Exploit Availability
3/50 · Minimal