Security Risk Category

authentication-bypass Security Risks

Published vulnerability pages connected to authentication-bypass. One risk can appear in multiple categories while keeping one canonical page.

authentication-bypass risks

Showing 6 of 6 published risks.

highEPSS 0.002

CoreWCF SAML Non-X.509 Signature Verification Bypass Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509 SecurityToken key identifier and bypass assertion signature verification. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54774corewcfdotnetnugetwcf

Updated Jul 10, 2026

mediumEPSS 0.001

CoreWCF Unix Domain Socket PosixIdentity Security Upgrade Bypass Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching messages, bypassing framing-layer identity checks in UnixPosixIdentitySecurityUpgradeProvider. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54776corewcfdotnetnugetwcf

Updated Jul 10, 2026

highEPSS 0.002

CoreWCF SAML SubjectConfirmation Holder-of-Key Bypass Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom confirmation method assertions to authenticate a subject without proving authority over the assertion. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54781corewcfdotnetnugetwcf

Updated Jul 10, 2026

criticalEPSS 0.002

CoreWCF SAML Token Signature Validation Authentication Bypass Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54782corewcfdotnetnugetwcf

Updated Jul 10, 2026

criticalEPSS 0.006

miniOrange OTP Login WordPress Plugin Administrator Account Takeover Vulnerability

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the `um_reset_password_process_hook()` function performing no server-side verification that the OTP validation step was completed, and relying solely on a public `form_nonce` nonce that the plugin itself emits to unauthenticated visitors via the `moumprvar` JavaScript object on the Ultimate Member password reset page, while still accepting the attacker-controlled `username_b` parameter to target any WordPress user without role restriction or any binding to a previously validated OTP session. This makes it possible for unauthenticated attackers to obtain a freshly generated password-reset URL for an arbitrary Administrator account — returned in a 302 `Location` header — and use it to take full control of that account. Exploitation requires the Ultimate Member Password Reset Form integration to be active and the plugin to not be configured for phone-only reset.

CVE-2026-14245wordpressminiorangeultimate-memberauthentication-bypass

Updated Jul 10, 2026

mediumEPSS 0.004

Sayax OSOS Sensitive Information Authentication Bypass Vulnerability

Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass. This issue affects OSOS: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1365ososauthentication-bypassinformation-disclosureenergy

Updated Jul 10, 2026