CWE · MITRE source
CWE-302: Authentication Bypass by Assumed-Immutable Data
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (1)
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| IA-8 | Identification and Authentication (Non-organizational Users) | IA | Proper authentication for non-organizational users counters bypasses relying on assumed-immutable data. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2024-43441 | 7.4 | 9.8 | 0.9042 | 2024-12-24 |
| CVE-2016-9482 | 2.4 | 9.8 | 0.0700 | 2018-07-13 |
| CVE-2025-29813 | 2.2 | 10.0 | 0.0290 | 2025-05-08 |
| CVE-2023-4669 | 2.0 | 9.8 | 0.0008 | 2023-09-14 |
| CVE-2023-4612 | 2.0 | 9.8 | 0.0004 | 2023-11-09 |
| CVE-2024-56404 | 2.0 | 9.9 | 0.0030 | 2025-01-24 |
| CVE-2025-63210 | 2.0 | 9.8 | 0.0014 | 2025-11-19 |
| CVE-2022-22729 | 1.8 | 8.8 | 0.0014 | 2022-03-11 |
| CVE-2024-12838 | 1.8 | 8.8 | 0.0006 | 2024-12-31 |
| CVE-2025-47158 | 1.8 | 9.0 | 0.0026 | 2025-07-18 |
| CVE-2026-40285 | 1.8 | 8.8 | 0.0004 | 2026-04-17 |
| CVE-2024-49056 | 1.6 | 7.3 | 0.0247 | 2024-11-12 |
| CVE-2025-24876 | 1.6 | 8.1 | 0.0016 | 2025-02-11 |
| CVE-2025-8855 | 1.6 | 8.1 | 0.0006 | 2025-11-14 |
| CVE-2026-39429 | 1.6 | 8.2 | 0.0008 | 2026-04-08 |
| CVE-2020-15074 | 1.5 | 7.5 | 0.0019 | 2020-07-14 |
| CVE-2022-3875 | 1.5 | 7.3 | 0.0012 | 2022-12-19 |
| CVE-2024-22179 | 1.5 | 7.5 | 0.0008 | 2024-04-18 |
| CVE-2024-3741 | 1.5 | 7.5 | 0.0003 | 2024-04-18 |
| CVE-2024-4024 | 1.5 | 7.3 | 0.0103 | 2024-04-25 |
| CVE-2024-45370 | 1.5 | 7.3 | 0.0002 | 2025-12-01 |
| CVE-2022-2503 | 1.4 | 6.9 | 0.0001 | 2022-08-12 |
| CVE-2024-47086 | 1.3 | 6.5 | 0.0013 | 2024-09-19 |
| CVE-2024-8475 | 1.3 | 6.5 | 0.0006 | 2024-12-17 |
| CVE-2026-28510 | 1.2 | 5.9 | 0.0004 | 2026-05-05 |