authentication bypass

A newly disclosed flaw in Windows Admin Center (WAC) — tracked as CVE‑2026‑26119 and carrying a CVSS score reported as 8.8 — creates a real and immediate risk: an authenticated but low‑privileged user could escalate their privileges across an enterprise management plane and inherit the authority...

A subtle connection-reuse bug in libcurl—tracked as CVE-2023-27536—exposed a real-world risk that the library could accidentally reuse an authenticated connection with higher GSSAPI/Kerberos delegation permissions for a subsequent transfer that should have been performed with lower permissions...

Prometheus exporter-toolkit contains a serious basic‑authentication bypass that can be triggered when an attacker has access to a Prometheus-style web.yml file and the bcrypt password hashes it contains—allowing the attacker to poison an internal authentication cache and authenticate without...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged the ZLAN Information Technology Co. ZLAN5143D serial-to-Ethernet gateway — specifically firmware v1.600 — as affected by two high-severity weaknesses that allow an attacker to bypass authentication or reset device...

TP-Link’s VIGI professional camera line is the subject of a high‑severity authentication bypass that allows a local attacker to reset the administrator password and seize full administrative control of dozens of models unless they are running patched firmware. The issue, tracked as...

Fortinet has confirmed a new, actively exploited authentication‑bypass flaw—tracked as CVE‑2026‑24858—that allows an attacker who controls a FortiCloud account and a registered device to gain administrative access to other Fortinet devices where FortiCloud single sign‑on (SSO) is enabled. This...