Authentication bypass vulnerabilities
Authentication bypass lets an attacker reach protected functionality without valid credentials — broken login checks, forgeable tokens, or alternate paths that skip the check entirely. On edge devices such as VPNs and firewalls, an auth bypass is often equivalent to full compromise and is frequently chained with a post-auth RCE.
Classification is assigned by the CSIRTS enrichment pipeline from the advisory text. The list below shows the latest advisories tagged authentication bypass, newest first, across national CERTs, vendor PSIRTs and vulnerability databases — exploited marks CVEs in the CISA KEV catalog.