< ciso
brief />
Tag Banner

All news with #authentication bypass tag

344 articles · page 9 of 18

CISA: EV Energy ev.energy Vulnerabilities — Urgent Advisory

🔒 CISA warns of multiple critical and high-severity vulnerabilities in EV Energy ev.energy software that could permit unauthorized administrative control, session hijacking, credential exposure, and denial-of-service against charging stations. The advisory identifies four CVEs (including CVE-2026-27772) affecting all versions and assigns a top CVSS score of 9.4 for the most severe issue. EV Energy did not respond to coordination requests; CISA recommends vendor fixes and immediate network hardening, including minimizing Internet exposure and restricting access to charge point endpoints.
read more →

Immediate Patch Urged for Critical Cisco Catalyst SD-WAN Bug

⚠️ Government security agencies have urged immediate patching of a critical zero-day, CVE-2026-20127, impacting Cisco Catalyst SD-WAN Controller and SD-WAN Manager. The authentication bypass can grant unauthenticated remote attackers administrative privileges, NETCONF access and the ability to alter SD-WAN configuration. Authorities including CISA and Five Eyes partners require urgent patching and threat hunting; Cisco released fixes on 25 February 2026.
read more →

Maximum-Severity Cisco SD-WAN Zero-Day Actively Exploited

🔒 A maximum-severity vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127 (CVSS 10.0), lets an unauthenticated remote attacker bypass authentication and obtain elevated administrative privileges by sending a crafted request. Cisco reports active exploitation across on-prem and Cisco-hosted deployments by a sophisticated actor identified as UAT-8616, with malicious activity dating to 2023. Customers should apply vendor fixes immediately, audit /var/log/auth.log for unexpected "Accepted publickey for vmanage-admin" entries, and follow CISA emergency guidance.
read more →

Five Eyes Emergency Directive: Exploited Cisco SD-WAN

⚠️ Federal and allied cybersecurity agencies issued an emergency directive after Cisco Talos disclosed active exploitation of a critical flaw in Cisco Catalyst SD-WAN controllers (CVE-2026-20127). The vulnerability allows unauthenticated attackers to bypass authentication and gain administrative access to SD‑WAN control-plane components. Cisco has released patches with no workarounds; CISA and Five Eyes partners urge immediate patching, inventorying of in-scope systems, log collection and active hunting for compromise.
read more →

Critical Cisco SD-WAN Authentication Bypass Exploited

⚠️ Cisco warns of a critical authentication bypass in Cisco Catalyst SD-WAN (CVE-2026-20127) that has been exploited in zero-day attacks beginning in 2023. The flaw allows attackers to authenticate as a high-privileged non-root account, add rogue peers, and manipulate NETCONF to alter SD-WAN fabric configuration. Cisco and partners report active exploitation, and vendors have issued software updates; there are no full workarounds, so immediate patching and hardening are urged.
read more →

Gardyn Home Kit Multiple Vulnerabilities: Patches Available

🔒 CISA reports multiple high‑severity vulnerabilities in Gardyn Home Kit firmware, cloud API, and mobile application that could permit unauthenticated access, remote command execution, and extraction of administrative credentials. Affected versions include the mobile app prior to 2.11.0, cloud API before 2.12.2026, and firmware older than master.619. Gardyn has released fixes in updated software; users should update apps and firmware and keep devices connected to receive automatic patches.
read more →

Six high-to-critical vulnerabilities discovered in OpenClaw

🔍 Endor Labs found six high-to-critical flaws in the open-source AI agent framework OpenClaw, including SSRF paths, missing webhook verification, authentication bypasses, and a path traversal in browser uploads. The team used an AI-driven SAST engine to trace attacker-controlled data flows and produced working proof-of-concept exploits that confirmed real-world exploitability. OpenClaw maintainers were notified and have published patches and security advisories addressing the issues.
read more →

Welker OdorEyes XL4 Controller Missing Authentication

🛡️ The Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller contains an authentication vulnerability tracked as CVE-2026-24790 that permits remote influence of the underlying PLC without proper safeguards. Successful exploitation could cause over- or under-odorization events, impacting safety and process control. CISA rates this issue High (CVSS 3.1 8.2) and recommends contacting Welker, minimizing network exposure, isolating control networks, and using secure remote-access methods such as updated VPNs.
read more →

Researchers Reveal Six New High-Risk OpenClaw Flaws

🔒OpenClaw has patched six vulnerabilities disclosed by Endor Labs, including SSRF, missing webhook authentication and a path traversal issue that range from moderate to high severity. The set includes CVE-2026-26322 (Gateway SSRF, CVSS 7.6), CVE-2026-26319 (Telnyx webhook auth bypass, CVSS 7.5) and several GitHub Security Advisories such as GHSA-56f2-hvwg-5743. Endor warns that agent frameworks’ multi-layered architectures mean vulnerabilities can span files and components, requiring data-flow analysis and layered validation to mitigate exploitation. SecurityScorecard also flagged many publicly exposed OpenClaw instances, raising enterprise risk.
read more →

Critical Honeywell CCTV Auth Bypass Threat to Devices

🔒 CISA has issued an advisory for a critical Honeywell CCTV vulnerability tracked as CVE-2026-1670. An unauthenticated API endpoint can be abused to change the account recovery email, enabling account takeover and unauthorized access to camera feeds. The advisory lists several mid-range models; Honeywell users should contact support and limit network exposure until vendor guidance or patches are available.
read more →

Honeywell CCTV Products: Critical Account Recovery Flaw

🔒 CISA reports a critical vulnerability (CVE-2026-1670) in multiple Honeywell CCTV products that exposes an unauthenticated API endpoint allowing an attacker to change the forgot password recovery email. Successful exploitation can enable account takeover and unauthorized access to camera feeds, and the issue is scored CVSS v3.1 9.8 (CRITICAL). Affected firmware includes several 2MP and 25M IPC/PTZ variants. Honeywell recommends contacting support for patches; CISA urges reducing Internet exposure, segmenting networks, and using secure remote access.
read more →

What CISOs Need to Know About OpenClaw Risks and Mitigations

⚠️ OpenClaw is an open‑source AI‑agent orchestration tool that runs locally, integrates with common chat apps and can use any LLM backend, driving rapid adoption. Researchers have found widespread exposed instances, critical authentication‑bypass flaws, plaintext credentials in the ClawHub marketplace and hundreds of malicious skills enabling credential theft and remote code execution. Experts urge enterprises to ban or tightly restrict use, enforce least privilege, MFA, endpoint segmentation and continuous telemetry if pilots are allowed.
read more →

Siemens Siveillance Video: Webhooks Missing Authorization

🔒 Siemens ProductCERT reports a Missing Authorization vulnerability in the Webhooks implementation of Siveillance Video Management Servers that can allow authenticated users with read-only privileges to gain full access to the Webhooks API. Affected releases include V2023 R1–R3, V2024 R1, and V2025 builds older than the specified hotfix revisions. Siemens has published fixes and recommends updating to the listed hotfix revisions. If patching is delayed, audit role settings and limit network exposure to affected devices.
read more →

OpenClaw Risks and Enterprise Exposure: What CISOs Must Know

⚠️ OpenClaw is a rapidly adopted local agent orchestration tool (formerly Clawdbot/Moltbot) that integrates with chat apps, operating systems, smart-home devices, browsers and productivity platforms and can be configured to use any LLM backend. Its GitHub repo and the Moltbook social layer saw millions of visits and hundreds of thousands of agents and downloads in recent weeks. Security researchers warn the tool is insecure-by-default: exposed instances, authentication bypasses, plaintext credentials and malicious third-party skills create serious enterprise risk. Organizations are advised to block traffic, rotate credentials and restrict experimentation to isolated, managed environments.
read more →

ZLAN5143D Critical Authentication Bypass and Reset Flaws

⚠️ CISA reports two critical authentication vulnerabilities in ZLAN Information Technology Co. ZLAN5143D v1.600. CVE-2026-25084 allows authentication bypass via direct access to internal URLs, while CVE-2026-24789 exposes an unprotected API that enables remote password changes without credentials. Both are scored CVSS 3.1 9.8. CISA notes the vendor did not respond to coordination; users should minimize network exposure, restrict internet access to devices, contact the vendor, and keep systems updated.
read more →

Warlock Ransomware Breach Through SmarterMail Flaw

🔒 SmarterTools confirmed that the Warlock ransomware group breached its network after exploiting an authentication-bypass flaw in a single, unpatched SmarterMail VM (CVE-2026-23760) on January 29, allowing attackers to reset admin passwords and obtain full privileges. The intrusion led to compromise of 12 Windows servers in the company’s office network and a secondary data center used for testing and hosting, while the company’s Linux infrastructure was not affected. Security tooling, including SentinelOne, blocked the final encryption payload, impacted systems were isolated, and data was restored from backups; SmarterTools urges administrators to upgrade to Build 9511 or later.
read more →

BeyondTrust Patches Critical Pre-Auth RCE in RS and PRA

🔒 BeyondTrust has released updates to address a critical pre-authentication remote code execution vulnerability affecting Remote Support and older Privileged Remote Access versions. The flaw, tracked as CVE-2026-1731, is an operating-system command injection rated 9.9 on the CVSS scale and allows unauthenticated attackers to execute OS commands in the context of the site user. Patches (BT26-02-RS and BT26-02-PRA) or upgrades to the fixed releases should be applied immediately, and self-hosted customers without automatic updates must apply the fix manually.
read more →

Hitachi Energy XMC20 RADIUS Forgery Vulnerability Advisory

⚠️ Hitachi Energy disclosed a critical vulnerability (CVE-2024-3596) affecting XMC20 devices that use remote RADIUS authentication. An MD5 Response Authenticator weakness permits a local attacker to forge or convert valid RADIUS responses (Access-Accept, Access-Reject, Access-Challenge), affecting confidentiality, integrity, and availability. Vendor guidance is to upgrade to XMC20 R18 and enable the RADIUS Message-Authenticator on both the device and the RADIUS server; where upgrades are not possible, segment FOX management traffic and apply network mitigations. CISA republishes the vendor advisory for visibility.
read more →

Hitachi Energy FOX61x RADIUS MD5 Forgery Vulnerability

🔒 Hitachi Energy reported a critical vulnerability in FOX61x devices when configured to use remote RADIUS authentication. The RADIUS implementation is vulnerable to a chosen-prefix collision attack on the MD5 Response Authenticator, allowing an attacker able to manipulate responses to forge Access-Accept/Access-Reject/Access-Challenge messages and affect confidentiality, integrity, and availability. Affected versions include FOX61x R17A and earlier; update to R18 and enable the RADIUS Message-Authenticator on both the device and the RADIUS server. If immediate upgrade is not possible, segment FOX management traffic to reduce exposure.
read more →

TP-Link VIGI IP Cameras: Local Password Bypass Vulnerability

🔒 A vulnerability in the TP‑Link VIGI Series IP Camera local web interface allows an attacker on the same LAN to bypass authentication in the password recovery flow and reset the administrator password by manipulating client-side state. Successful exploitation grants full administrative access, compromising device configuration and network security. TP‑Link has released firmware updates and strongly recommends installing the latest builds; CISA advises isolating affected devices from public networks and using secure remote access such as updated VPNs.
read more →