Lucene search
K

827 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.6 views

CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation

Impact Full impersonation of any principal the trusted STS could have issued an assertion for — including administrative principals when the relying party grants them via SAML claims. Affects both SAML 1.1 and SAML 2.0. Preconditions Relying-party service is hosted with WSFederationHttpBinding or...

10CVSS5.9AI score0.00246EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/18 5:22 p.m.15 views

@acastellon/auth: Authentication bypass via spoofable headers in validateToken()

@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get'host'.startsWithgetHostName. Both...

8.7CVSS5.5AI score0.00543EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/18 3:32 p.m.3 views

GHSA-8FCC-W5HV-4GXV googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken)

An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint RFC 7662, the toolbox decodes the response into an introspectResp struct where t...

9.3CVSS6AI score0.00195EPSS
Exploits0References3
OSV
OSV
added 2026/06/18 3:32 p.m.4 views

GHSA-WCPR-6G7X-P44R googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken)

An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint RFC 7662, it decodes the response into an introspectResp struct. However, the...

9.3CVSS5.9AI score0.00204EPSS
Exploits0References3
NVD
NVD
added 2026/06/18 2:17 p.m.14 views

CVE-2026-11718

An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint RFC 7662, it decodes the response into an introspectResp struct. However, the...

9.3CVSS0.00204EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 1:52 p.m.4 views

GHSA-WXG7-W2V3-W38G ZITADEL: Missing Token Lifecyle Validation (`exp` and `iat`) in JWT IdP Provider

Summary Two closely related token lifecycle validation vulnerabilities were discovered in ZITADEL's external JWT Identity Provider IdP implementation. Specifically, within the validation pipeline: Missing Expiration exp Enforcement: If an incoming JWT omits the exp claim entirely, the expiration...

4.2CVSS5.6AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:52 a.m.9 views

CVE-2026-11718

An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint RFC 7662, it decodes the response into an introspectResp struct. However, the...

9.3CVSS5.3AI score0.00204EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/18 11:52 a.m.37 views

CVE-2026-11718

The CVE-2026-11718 entry concerns an authentication bypass in googleapis/mcp-toolbox: during opaque-token validation via an OAuth 2.0 introspection endpoint, the code decodes the response and checks issuer with the condition a.issuer != "" && iss != "". If the introspection response omits iss, is...

9.3CVSS5.4AI score0.00204EPSS
Exploits0References1
CVE
CVE
added 2026/06/18 6:5 a.m.23 views

CVE-2026-55742

Cotonti 1.0.0 (master, commit f43f1fc3) is vulnerable to CSRF in system/admin/admin.rights.php while performing the update action (a=update). The code path updates group access rights (including via cot_auth_add_group) without calling cot_check_xg() to validate an anti-CSRF token. A remote attack...

9.6CVSS5.8AI score0.00227EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.7 views

PT-2026-54912

Name of the Vulnerable Software and Affected Versions @acastellon/auth versions prior to 2.3.0 Description An authentication bypass exists in the validateToken middleware. The issue stems from improper trust in spoofable request headers and flawed request flow control, which allows the next...

9.3CVSS5.8AI score0.00543EPSS
Exploits0References9
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/18 12:0 a.m.40 views

@acastellon/auth: Authentication bypass via spoofable headers in validateToken()

@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get'host'.startsWithgetHostName. Both...

8.7CVSS5.5AI score0.00543EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-50660

Name of the Vulnerable Software and Affected Versions googleapis/mcp-toolbox affected versions not specified Description An authentication bypass exists in the generic opaque token validation path validateOpaqueToken. When validating an opaque token via an OAuth 2.0 introspection endpoint, the...

9.3CVSS5.8AI score0.00204EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/17 9:53 p.m.24 views

CVE-2026-50202 Steeltoe's static JWKS cache shared across schemes and never invalidated

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Security.Authentication.CloudFoundryBase prior to version 3.4.0, Steeltoe.Security.Authentication.JwtBearer prior to version 4.2.0, and...

5.9CVSS0.0029EPSS
Exploits0References3
NVD
NVD
added 2026/06/16 8:16 p.m.9 views

CVE-2026-10303

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

7.4CVSS0.00757EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/06/16 7:0 p.m.4 views

NPM: n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes

NPM: n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...

7.2CVSS5.8AI score0.00276EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:0 p.m.8 views

n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes

Impact The MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to execute with attacker-controlled data. Patches The issue has been fixed in...

7.2CVSS5.6AI score0.00276EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/16 6:24 p.m.23 views

CVE-2026-10303 ServerCo getssl ACME shell script path injection

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

7.4CVSS0.00757EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.14 views

CVE-2026-44894

A flaw was found in Netty, specifically within the netty-codec-classes-quic component's NoQuicTokenHandler. A remote attacker can exploit this vulnerability by sending an Initial packet with any non-empty token bytes and a spoofed victim's IP address. This improper token validation causes the Net...

7.5CVSS5AI score0.00143EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/12 2:6 p.m.8 views

CVE-2026-44894 Netty's Default QUIC token handler accepts any client-supplied token

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken returns false server will not send Retry — acceptable, but validateToken...

7.5CVSS5.3AI score0.00143EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 2:6 p.m.9 views

EUVD-2026-36435

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken returns false server will not send Retry — acceptable, but validateToken...

7.5CVSS5.2AI score0.00143EPSS
Exploits0References2
Rows per page
Query Builder