< ciso
brief />
Tag Banner

All news with #authentication bypass tag

344 articles · page 6 of 18

Critical nginx-ui Authentication Bypass Enables Takeover

⚠️ A critical authentication-bypass flaw (CVE-2026-33032) in nginx-ui is being actively exploited to seize control of Nginx services. The issue stems from the MCP integration exposing two endpoints; /mcp_message lacks the AuthRequired() middleware and the default IP whitelist is treated as "allow all," permitting unauthenticated invocation of management tools. Update to v2.3.4 immediately or disable MCP and restrict access as interim mitigations.
read more →

Seven IBM WebSphere Liberty Flaws Can Lead to Takeover

🔒 Researchers warn that seven vulnerabilities in IBM WebSphere Liberty can be chained from a pre-authentication SAML Web SSO flaw into full server compromise. The initial defect, tracked as CVE-2026-1561, allows unauthenticated attackers to supply crafted serialized payloads because a String.concat() misuse makes the integrity check ineffective, enabling pre-auth RCE against exposed SAML endpoints. Subsequent AdminCenter weaknesses let low-privileged 'reader' users retrieve keys and sensitive configuration, forge tokens, and abuse an archive-extraction flaw to write arbitrary files; IBM has issued patches and configuration guidance to mitigate the chain.
read more →

Old Docker AuthZ Bypass Reappears, Patch Released Now

⚠️Researchers from Cyera disclosed a high-severity authorization bypass in Docker Engine (CVE-2026-34040) that allows attackers with Docker API access to evade third-party AuthZ plug-ins and execute privileged commands on hosts. The flaw, rated 8.8 on the CVSS scale, was fixed in Docker Engine 29.3.1 and Docker Desktop 4.66.1. As an interim mitigation, administrators can filter malicious requests by limiting API request size (for example, blocking requests over 512KB) until patches are deployed.
read more →

Google Adds Device-Bound Session Credentials to Chrome 146

🔐 Google has made Device Bound Session Credentials (DBSC) generally available to Windows users on Chrome 146, with macOS support planned for a later release. DBSC uses hardware-backed modules like the Trusted Platform Module (TPM) to bind short-lived session cookies to a specific device so exfiltrated cookies cannot be used by attackers. The feature falls back gracefully on devices without secure key storage and was developed with Microsoft as part of efforts to make the approach an open web standard. Google says the architecture is privacy-minded and does not enable cross-site tracking.
read more →

Device-Bound Session Cookies Arrive in Chrome 146

🔐 Chrome has enabled Device Bound Session Credentials (DBSC) publicly for Windows users on Chrome 146, with macOS support arriving in a future release. DBSC cryptographically binds short‑lived session cookies to a device's hardware-backed key (TPM or Secure Enclave) so exfiltrated cookies cannot be reused off‑device. The browser handles rotation and the approach preserves privacy by avoiding device identifiers. Web developers can adopt DBSC via the open spec and developer guide.
read more →

Fortinet issues emergency hotfix for FortiClient EMS

🚨 Fortinet has released an emergency hotfix for FortiClient EMS to address a critical authentication-bypass vulnerability tracked as CVE-2026-35616 that permits unauthenticated remote code execution. The flaw carries a CVSS score of 9.1 and affects on-premises EMS versions 7.4.5 and 7.4.6; FortiClient Cloud and FortiSASE were patched server-side and a full fix is planned for 7.4.7. Organizations should apply the hotfix to EMS Linux servers, audit API logs and recent configuration changes, and restore or rebuild instances if compromise is suspected.
read more →

Docker CVE-2026-34040 Lets Attackers Bypass AuthZ Exploit

⚠ A high-severity flaw (CVE-2026-34040, CVSS 8.8) in Docker Engine can allow an attacker with API access to bypass AuthZ plugins by causing the daemon to forward requests without their body. The bug is tied to an incomplete fix for CVE-2024-41110 and arises when oversized, padded HTTP requests are dropped before reaching the authorization plugin. An attacker who pads a container-creation request above the threshold can cause the daemon to create a privileged container that mounts the host filesystem. Docker Engine 29.3.1 contains the patch; mitigations include avoiding body-dependent AuthZ plugins, restricting API access to trusted users, or running Docker in rootless mode.
read more →

CISA Orders Feds to Patch Fortinet EMS Zero-Day Urgently

⚠️ CISA has ordered federal agencies to patch FortiClient EMS instances by April 9 after the discovery of CVE-2026-35616, a pre-authentication API access bypass. Fortinet released emergency hotfixes and said unauthenticated attackers can execute code via specially crafted requests. Administrators are urged to apply hotfixes or upgrade to 7.4.7 immediately to mitigate active exploitation.
read more →

Cisco fixes critical IMC auth bypass in many devices

🔒Cisco has released patches for a critical authentication bypass in its Integrated Management Controller (IMC), tracked as CVE-2026-20093. The flaw, caused by incorrect handling of password changes, can be exploited via specially crafted HTTP requests to gain unauthenticated admin access. Affected platforms include standalone UCS C-Series, UCS E-Series, Catalyst 8300, and 5000 Series systems. Administrators should apply updates and restrict IMC exposure immediately.
read more →

Cisco Patches Critical IMC and SSM Flaws (CVSS 9.8)

🔒 Cisco released patches for two critical vulnerabilities in its management software that carry a CVSS score of 9.8. CVE-2026-20093 in the Integrated Management Controller (IMC) allows an unauthenticated attacker to bypass authentication and change any user password via a crafted HTTP request. CVE-2026-20160 affects Smart Software Manager On‑Prem and can enable remote command execution as root due to an exposed internal service. Cisco provided fixed releases and urges customers to update immediately; there are no known in-the-wild exploits to date.
read more →

Pre-auth RCE Chain in Progress ShareFile Storage Zones

🔓 Researchers at watchTowr disclosed two critical flaws in Progress ShareFile Storage Zones Controller (SZC): an authentication bypass (CVE-2026-2699) and a remote code execution via file upload/extraction (CVE-2026-2701). The issues can be chained to grant unauthenticated access to the admin interface, modify zone configuration, and deploy ASPX webshells to the application webroot. Progress issued a patch in ShareFile 5.12.4 on March 10; administrators should apply it immediately given thousands of internet-exposed SZC instances.
read more →

Critical Cisco IMC auth bypass gives attackers Admin access

🔒 Cisco has released patches for a critical Integrated Management Controller (IMC) authentication bypass (CVE-2026-20093) that allows unauthenticated, remote attackers to gain Admin privileges by sending a crafted HTTP password-change request. The flaw affects CIMC on UCS C-Series and E-Series servers and permits altering any account password, including Admin. Cisco's PSIRT reports no known in-the-wild exploitation or public proof-of-concept yet and stresses there are no workarounds, so customers should upgrade to fixed software immediately.
read more →

Critical Auth Bypass in Anritsu Remote Spectrum Monitors

⚠️ Anritsu Remote Spectrum Monitor models MS27100A, MS27101A, MS27102A, and MS27103A contain an inherent authentication bypass (CVE-2026-3356) that permits unauthenticated network users to access and control the device management interface. The vendor reports no planned patch and confirms the issue is a design limitation with no configurable authentication. Successful exploitation can expose signal data, change operational settings, or render devices unavailable. CISA recommends isolating affected devices and restricting network access.
read more →

PX4 MAVLink Missing Authentication Allows Remote Shell

⚠️ A critical authentication flaw (CVE-2026-1579) in the MAVLink protocol used by PX4 Autopilot can allow unauthenticated actors with MAVLink access to execute arbitrary shell commands via the SERIAL_CONTROL message. The issue affects PX4 Autopilot v1.16.0_SITL_latest_stable. PX4 recommends enabling MAVLink 2.0 message signing for all non‑USB links and following the vendor's security hardening guidance to reduce exposure.
read more →

CISA Orders Federal Agencies to Patch Citrix Flaw Urgently

⚠️ CISA has ordered federal agencies to patch Citrix NetScaler appliances for CVE-2026-3055 by Thursday, April 2, after vendors warned the flaw is being actively exploited. The vulnerability arises from insufficient input validation in ADC and Gateway appliances configured as SAML identity providers and can enable unauthenticated attackers to steal admin session IDs and other sensitive information. Watchtowr reported in-the-wild abuse days after Citrix released fixes on March 23, and CISA has added the issue to its KEV Catalog and invoked BOD 22-01.
read more →

Critical SQL Injection in Fortinet EMS Actively Exploited

⚠️ A critical SQL injection, CVE-2026-21643, is being actively exploited against FortiClient EMS, allowing unauthenticated attackers to execute arbitrary SQL via crafted HTTP requests. The flaw affects EMS 7.4.4 when multi-tenant mode is enabled; Fortinet released 7.4.5 to remediate. Researchers note the endpoint returns database error messages and lacks lockout protections, enabling rapid data extraction and credential theft. Administrators should patch immediately, remove internet exposure, and inspect HTTP headers for anomalous SQL.
read more →

TP-Link patches critical Archer NX router auth bypass

🔒 TP-Link released firmware updates for its Archer NX200, NX210, NX500, and NX600 routers to fix multiple vulnerabilities, including a critical authentication bypass that can permit unauthenticated firmware uploads via certain HTTP CGI endpoints. The vendor additionally removed a hardcoded cryptographic key and patched two command injection flaws that require administrative access. TP-Link warned customers to install the latest firmware immediately to block potential attacks. Failure to update may leave devices susceptible to takeover or configuration manipulation.
read more →

Pharos Controls Mosaic Show Controller Critical RCE

🛡️ Pharos Controls Mosaic Show Controller firmware 2.15.3 contains a Missing Authentication for Critical Function vulnerability (CVE-2026-2417) that can allow an unauthenticated attacker to execute arbitrary commands with root privileges. The flaw has a CVSS v3.1 base score of 9.8 (Critical). Pharos Controls recommends upgrading to version 2.16 or later and isolating controllers from public networks.
read more →

Citrix Urges Immediate Patching of Critical NetScaler Flaw

⚠ Citrix has published updates for NetScaler ADC and NetScaler Gateway to fix two vulnerabilities, including a critical memory overread (CVE-2026-3055) that can leak sensitive information from appliance memory. Exploitation requires specific configurations—SAML IdP for CVE-2026-3055 and gateway or AAA roles for CVE-2026-4368. Affected builds include 14.1 before 14.1-66.59 and 13.1 before 13.1-62.23; customers should inspect configurations and apply patches immediately.
read more →

Attackers Exploit CVE-2025-32975 to Hijack KACE SMA

🚨 Arctic Wolf reported exploitation of CVE-2025-32975 (CVSS 10.0), an authentication-bypass in Quest KACE Systems Management Appliance (SMA), against internet-exposed instances beginning the week of March 9, 2026. Attackers impersonated administrative users, executed remote commands to download Base64 payloads via curl from an external host, and created additional admin accounts using runkbot.exe. Observed post-compromise activity included Windows Registry modifications, credential harvesting with Mimikatz, reconnaissance, and RDP access to backup systems and domain controllers. Administrators should apply the May 2025 fixes and avoid exposing SMA directly to the internet.
read more →