Lucene search
K

7 matches found

Snyk
Snyk
added 2026/04/22 5:6 p.m.3 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the HTTP vhost routing process when routeByHTTPUser is used for access control. An attacker can gain unauthorized access to protected backend services by sending proxy-style requests that use a known or guesse...

9.1CVSS5.5AI score0.00269EPSS
Exploits1References2
NVD
NVD
added 2026/04/21 9:16 p.m.13 views

CVE-2026-40910

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...

9.1CVSS0.00269EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/21 8:9 p.m.33 views

CVE-2026-40910 frp: Authentication bypass in frp HTTP vhost routing when routeByHTTPUser is used for access control

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...

6.5CVSS0.00269EPSS
Exploits1References1
CVE
CVE
added 2026/04/21 8:9 p.m.43 views

CVE-2026-40910

Summary : frp versions 0.43.0–0.68.0 contain an authentication bypass in the HTTP vhost routing path when using routeByHTTPUser for access control. The routing logic derives the route from the Proxy-Authorization username, while access control checks credentials from the standard Authorization he...

9.1CVSS5.8AI score0.00269EPSS
Exploits1References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/21 8:9 p.m.9 views

CVE-2026-40910

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...

9.1CVSS5.5AI score0.00269EPSS
Exploits1References1
OSV
OSV
added 2026/04/14 11:33 p.m.15 views

GHSA-PQ96-PWVG-VRR9 frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control

Summary frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend, while the access control check uses...

6.5CVSS5.9AI score0.00269EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/14 11:33 p.m.10 views

frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control

Summary frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend, while the access control check uses...

9.1CVSS5.9AI score0.00269EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder