CWE-302: Authentication Bypass by Assumed-Immutable Data
low-risk
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.
Abstraction: Base
Common Consequences
Access Control → Bypass Protection Mechanism
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2024-43441 | 9.8 | 90.2% | — |
| CVE-2016-9482 | 9.8 | 7.0% | — |
| CVE-2024-4024 | 7.3 | 2.9% | — |
| CVE-2025-29813 | 10.0 | 2.9% | — |
| CVE-2024-49056 | 7.3 | 2.5% | — |
| CVE-2024-56404 | 9.9 | 0.3% | — |
| CVE-2025-47158 | 9.0 | 0.2% | — |
| CVE-2025-24876 | 8.1 | 0.2% | — |
| CVE-2025-63210 | 9.8 | 0.2% | — |
| CVE-2020-15074 | 7.5 | 0.2% | — |
1 / 100 · low-risk
Active Threat: 1/50 · Minimal
Exploit Availability: 0/50 · Minimal