
Check Point Remote Access VPN: Authentication Bypass CVE-2026-50751

CVE-2026-50751 is a critical authentication bypass vulnerability (CVSS 9.3) affecting Check Point Remote Access VPN and Mobile Access deployments utilizing the deprecated IKEv1 protocol. A logic error within the iked daemon's process_cert_payloads function allows remote attackers to manipulate certificate validation flags, effectively bypassing signature verification to establish VPN sessions without valid credentials. The flaw has been actively exploited by Qilin ransomware affiliates to gain initial perimeter access to targeted organizations. Remediation requires the immediate application of the vendor-supplied hotfix to enforce policy-based validation and the decommissioning of IKEv1 in favor of IKEv2.

Critical Authentication Bypass via Weak Password Recovery in PbootCMS

CVE-2026-12066 is a critical vulnerability in the PbootCMS password recovery module that enables unauthenticated remote attackers to achieve administrative access. The flaw stems from improper authentication (CWE-287) or the use of insufficiently random values (CWE-330) during the password reset process. By exploiting predictable reset tokens or manipulating parameters within the recovery endpoint via HTTP/HTTPS, an attacker can bypass standard authentication protocols. Successful exploitation grants full control over the CMS, facilitating unauthorized data access, site defacement, or lateral movement through potential Remote Code Execution (RCE) escalation. Immediate patching and the implementation of cryptographically secure token generation are required to mitigate this critical risk.

Authentication Bypass in Starlette and FastAPI via BadHost CVE-2026-48710

CVE-2026-48710 identifies a critical vulnerability in the Starlette framework's handling of the Host header, which directly facilitates authentication bypasses in downstream frameworks, most notably FastAPI. The flaw arises from a technical discrepancy between the framework's internal routing logic and its URL reconstruction mechanism. When an application performs security-critical operations—such as access control checks or authentication validation—by inspecting the request.url attribute rather than the raw request path, it becomes susceptible to manipulation via malformed Host headers. By injecting special characters such as /, ?, or # into the Host header, an attacker can decouple the perceived URL used by security middleware from the actual path processed by the Starlette router. This divergence allows requests to bypass authentication layers while still reaching sensitive endpoints, creating an exploit chain that can progress from Authentication Bypass to Server-Side Request Forgery (SSRF) and ultimately Remote Code Execution (RCE). Remediation requires updating Starlette to version 1.0.1, which implements strict validation to reject malformed Host headers.

