CWE-294: Authentication Bypass by Capture-replay
211 active CVEs are classified under this weakness category, sourced from NVD, GHSA, and vendor advisories. The full definition is on MITRE.
CVEs classified under CWE-294 (page 5 of 5)
- CVE-2026-2540 (HIGH, CVSS 8.4, EG 0.0, 2026-02-15)
The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previous…
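The entry above describes a rolling-code resynchronisation flaw: two captured codes, replayed in order, force the receiver to accept older codes. The model below is an added example, not Micca firmware or code from the advisory. It is a constructed rolling-code receiver (HMAC-tagged counters under a constructed device key, a hypothetical 16-code acceptance window, and a two-code resync pair) whose resync path trusts any two consecutive counters without checking that they are newer than the last accepted one, beside a hardened receiver that rejects stale counters before they can reach the resync path. The KE700's actual resync logic is not on the page; only the class of flaw is illustrated.

```python
import hashlib
import hmac

# Constructed device key; a real transmitter/receiver pair shares a secret
# provisioned at manufacture. The window size is a hypothetical parameter.
DEVICE_KEY = b"\x13" * 16
WINDOW = 16      # counters this far ahead of the last accepted one are accepted directly
TAG_LEN = 8


def make_code(counter: int) -> bytes:
    """Transmitter: 4-byte counter plus a truncated HMAC tag.

    A stand-in for the block-cipher encryption of a real rolling-code scheme;
    the only property needed here is that the attacker cannot forge codes."""
    ctr = counter.to_bytes(4, "big")
    return ctr + hmac.new(DEVICE_KEY, ctr, hashlib.sha256).digest()[:TAG_LEN]


def parse_code(code: bytes):
    """Return the counter if the tag verifies, else None."""
    ctr, tag = code[:4], code[4:]
    expected = hmac.new(DEVICE_KEY, ctr, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return int.from_bytes(ctr, "big")


class VulnerableReceiver:
    """Resync accepts any two consecutive counters, even stale ones (the flaw)."""

    def __init__(self):
        self.last = 0        # last accepted counter
        self.pending = None  # first code of a possible resync pair

    def accept(self, code: bytes) -> bool:
        ctr = parse_code(code)
        if ctr is None:
            return False
        if self.last < ctr <= self.last + WINDOW:
            self.last, self.pending = ctr, None
            return True
        # Resync path: two consecutive counters are trusted as a resync,
        # with no check that they are newer than self.last.
        if self.pending is not None and ctr == self.pending + 1:
            self.last, self.pending = ctr, None
            return True
        self.pending = ctr
        return False


class HardenedReceiver(VulnerableReceiver):
    """Counters at or below the last accepted one never enter the resync path."""

    def accept(self, code: bytes) -> bool:
        ctr = parse_code(code)
        if ctr is None or ctr <= self.last:
            self.pending = None  # a stale code also aborts a half-completed resync
            return False
        return super().accept(code)


def replay_attack(receiver_cls) -> tuple:
    """Capture the first two presses, let the fob advance to 10, replay the pair.

    Returns (first replay accepted, second replay accepted, receiver counter after)."""
    rx = receiver_cls()
    captured = [make_code(1), make_code(2)]  # attacker sniffs these legitimate presses
    for code in captured:
        rx.accept(code)
    for n in range(3, 11):                   # normal use continues
        rx.accept(make_code(n))
    first = rx.accept(captured[0])
    second = rx.accept(captured[1])
    return first, second, rx.last


if __name__ == "__main__":
    print("vulnerable:", replay_attack(VulnerableReceiver))  # (False, True, 2)
    print("hardened:  ", replay_attack(HardenedReceiver))    # (False, False, 10)
```

Against the vulnerable receiver the second replayed code completes a "resync" and rolls the counter back to 2, after which every code captured between 3 and 10 is accepted again. The hardened receiver keeps the invariant that an accepted counter is strictly greater than the last one, in the window path and the resync path alike.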
- CVE-2026-30080 (HIGH, CVSS 7.5, EG 7.5, 2026-04-08)
OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. The configuration supports the integrity algorithms NIA1 and NIA2, but if a UE sends an initial registration request with only security capability IA0, OpenAirInterfa…
- CVE-2026-35618 (MEDIUM, CVSS 6.5, EG 6.5, 2026-04-09)
OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification path derives replay keys from the full …
- CVE-2026-37982 (MEDIUM, CVSS 6.8, EG 6.8, 2026-05-19)
A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `ExecuteActionsActionToken` tokens within Keycloak's WebAuthn (Web Authentication) flow. By intercepting an execute-actions email link, an a…
- CVE-2026-41351 (MEDIUM, CVSS 5.3, EG 5.3, 2026-04-23)
OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass …
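Both OpenClaw entries on this page (CVE-2026-35618, replay keys influenced by modifiable query parameters, and CVE-2026-41351, Base64 and Base64URL signatures treated as distinct requests) are the same mistake: the replay cache is keyed on attacker-controlled presentation rather than on the signed content. The example below is added here and is not OpenClaw, Plivo or Telnyx code. It uses a constructed webhook format (HMAC-SHA256 over `timestamp.body` with a constructed secret) and shows a naive verifier keyed on the raw signature string plus the full query string beside one keyed on the decoded signature bytes and the signed material only.

```python
import base64
import binascii
import hashlib
import hmac
from typing import Optional

# Constructed shared secret and constructed webhook format; not a real vendor scheme.
WEBHOOK_SECRET = b"constructed-webhook-secret"
TOLERANCE_SECONDS = 300


def sign(timestamp: str, body: bytes) -> bytes:
    return hmac.new(WEBHOOK_SECRET, timestamp.encode() + b"." + body, hashlib.sha256).digest()


def decode_signature(encoded: str) -> Optional[bytes]:
    """Accept Base64 or Base64URL, padded or unpadded, and return the raw bytes.

    Both alphabets decode to the same bytes, so nothing downstream can tell
    which encoding the sender (or an attacker re-encoding a capture) used."""
    standard = encoded.replace("-", "+").replace("_", "/")
    standard += "=" * (-len(standard) % 4)
    try:
        return base64.b64decode(standard, validate=True)
    except (binascii.Error, ValueError):
        return None


class ReplayVerifier:
    """Signature + freshness check, then a replay cache keyed by _key()."""

    def __init__(self):
        self.seen = set()

    def _key(self, sig_str: str, sig: bytes, timestamp: str, body: bytes, query: str):
        raise NotImplementedError

    def verify(self, sig_str: str, timestamp: str, body: bytes, query: str, now: int) -> bool:
        sig = decode_signature(sig_str)
        if sig is None or not hmac.compare_digest(sig, sign(timestamp, body)):
            return False
        try:
            ts = int(timestamp)
        except ValueError:
            return False
        if abs(now - ts) > TOLERANCE_SECONDS:
            return False
        key = self._key(sig_str, sig, timestamp, body, query)
        if key in self.seen:
            return False
        self.seen.add(key)
        return True


class NaiveVerifier(ReplayVerifier):
    """Keyed on the signature as received and the full query string (the flaw)."""

    def _key(self, sig_str, sig, timestamp, body, query):
        return (sig_str, query)


class CanonicalVerifier(ReplayVerifier):
    """Keyed only on decoded signature bytes and the material the signature covers.

    The query string is not signed in this constructed format, so it must not
    influence the key either; anything the receiver acts on should be inside
    the signed material instead."""

    def _key(self, sig_str, sig, timestamp, body, query):
        return hashlib.sha256(sig + b"|" + timestamp.encode() + b"|" + body).hexdigest()


def replay_attempts(verifier: ReplayVerifier) -> tuple:
    """(first delivery, exact replay, Base64URL re-encoding, extra unsigned query param)."""
    body = b'{"event":"message.received","id":"constructed-1"}'  # constructed payload
    ts = "1700000000"
    sig = sign(ts, body)
    std = base64.b64encode(sig).decode()                      # padded Base64
    url = base64.urlsafe_b64encode(sig).decode().rstrip("=")  # unpadded Base64URL
    now = int(ts)
    return (
        verifier.verify(std, ts, body, "", now),
        verifier.verify(std, ts, body, "", now),
        verifier.verify(url, ts, body, "", now),
        verifier.verify(std, ts, body, "x=1", now),
    )


if __name__ == "__main__":
    print("naive:    ", replay_attempts(NaiveVerifier()))      # (True, False, True, True)
    print("canonical:", replay_attempts(CanonicalVerifier()))  # (True, False, False, False)
```

The naive verifier rejects only a byte-for-byte replay; re-encoding the signature or appending an unsigned parameter mints a fresh cache key and the captured request is processed again. The canonical verifier derives the key after decoding and from signed fields only, so every representation of one signed message collapses to one key.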
- CVE-2026-42602 (HIGH, CVSS 8.1, EG 8.1, 2026-05-13)
azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configur…
- CVE-2026-46538 (MEDIUM, CVSS 5.9, EG 5.9, 2026-05-27)
Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by session_id only and does not verify that a TASK_END me…
- CVE-2026-49322 (MEDIUM, CVSS 4.3, EG 4.3, 2026-05-29)
Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by pass…
- CVE-2026-7168 (MEDIUM, CVSS 5.3, EG 5.3, 2026-05-13)
Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reusing the same handle, makes libcurl wron…
- CVE-2026-9095 (HIGH, CVSS 8.1, EG 8.1, 2026-05-28)
Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse() function in object/saml_sp.go calls sp.RetrieveAssertionInfo() and immediately maps the result to a user session. …
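The Casdoor entry above is the textbook SAML replay: a validated assertion is mapped to a session every time it is presented. The check that was missing is a single-use record of assertion IDs, bounded by the assertion's own `NotOnOrAfter`. The code below is an added example in Python, not Casdoor's Go code, and assumes that signature, issuer and audience validation have already passed before `consume()` is called; the assertion XML is constructed for the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from typing import Dict, Optional

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def _tag(local: str) -> str:
    return f"{{{SAML_NS}}}{local}"


def _parse_time(value: str) -> datetime:
    # SAML timestamps are UTC ISO 8601 with a trailing Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


class AssertionReplayCache:
    """Single-use tracking of SAML assertion IDs.

    Signature, issuer and audience checks are assumed to have passed already;
    this class adds only the replay check."""

    def __init__(self):
        self._seen: Dict[str, datetime] = {}  # assertion ID -> NotOnOrAfter

    def _purge(self, now: datetime) -> None:
        # An ID only needs remembering while the assertion is still valid: after
        # NotOnOrAfter the validity-window check rejects it regardless.
        self._seen = {aid: exp for aid, exp in self._seen.items() if exp > now}

    def consume(self, assertion_xml: str, now: datetime) -> Optional[str]:
        """Return the NameID on first use; None if replayed, expired or malformed."""
        try:
            root = ET.fromstring(assertion_xml)
        except ET.ParseError:
            return None
        if root.tag != _tag("Assertion"):
            return None
        assertion_id = root.get("ID")
        conditions = root.find(_tag("Conditions"))
        name_id = root.find(f"{_tag('Subject')}/{_tag('NameID')}")
        if not assertion_id or conditions is None or name_id is None or not name_id.text:
            return None
        not_on_or_after = conditions.get("NotOnOrAfter")
        if not not_on_or_after:
            return None  # no expiry means the cache could grow without bound: refuse
        expiry = _parse_time(not_on_or_after)
        not_before = conditions.get("NotBefore")
        if now >= expiry or (not_before and now < _parse_time(not_before)):
            return None
        self._purge(now)
        if assertion_id in self._seen:
            return None  # replay: the same assertion presented a second time
        self._seen[assertion_id] = expiry
        return name_id.text


# Constructed assertion (hypothetical IdP and subject); unsigned because signature
# validation is outside this example.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-assertion-1" Version="2.0" IssueInstant="2026-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2026-05-01T11:59:00Z" NotOnOrAfter="2026-05-01T12:05:00Z"/>
</saml:Assertion>"""


def demo() -> tuple:
    """(first use, immediate replay, replay after NotOnOrAfter)."""
    cache = AssertionReplayCache()
    t_first = datetime(2026, 5, 1, 12, 0, 30, tzinfo=timezone.utc)
    t_late = datetime(2026, 5, 1, 12, 6, 0, tzinfo=timezone.utc)
    first = cache.consume(SAMPLE_ASSERTION, t_first)   # "alice@example.test"
    replay = cache.consume(SAMPLE_ASSERTION, t_first)  # None
    late = cache.consume(SAMPLE_ASSERTION, t_late)     # None
    return first, replay, late


if __name__ == "__main__":
    print(demo())
```

In a multi-instance deployment the `_seen` dictionary has to live in shared storage (a database row or cache entry with a TTL equal to `NotOnOrAfter`), otherwise an attacker can replay the captured assertion against a different node. Keying on the assertion ID also depends on the signature covering that ID, which is why the signature check must precede `consume()`.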
- CVE-2026-9398 (LOW, CVSS 3.1, EG 3.1, 2026-05-24)
A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the BLE/WiFi component. Such manipulation leads to authentication bypass by capture-replay. The attack must be car…
EchelonGraph correlates every CVE — across CWE-294 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.