Tag

#authentication-bypass

3 posts tagged #authentication-bypass.

Analysis · May 5, 2026 · The Field Notes Desk

PaperCut's other bug just became a ransomware vector again

CVE-2023-27351, the auth bypass that lived in CVE-2023-27350's shadow, is back. Storm-1175 is deploying Medusa ransomware through it with sub-24-hour exploitation tempo. CISA added it to KEV in April 2026. If you patched the RCE in 2023 and moved on, check whether the auth bypass actually closed.
Analysis · May 5, 2026 · The Field Notes Desk

The 6.5 that enabled 400 compromises: authentication bypasses and the CVSS blind spot

CVE-2025-49706 scored CVSS 6.5. It enabled unauthenticated RCE across 400+ SharePoint servers. Authentication bypasses are consistently underscored, and consistently the vulnerability class that turns a bad bug into a mass-exploitation campaign.
Analysis · May 5, 2026 · The Field Notes Desk

48 hours from patch to exploitation: CVE-2026-23760 and the window that doesn't exist anymore

SmarterMail's patch shipped January 15. Attackers decompiled the .NET assemblies, found the fix, built a working exploit, and were inside production systems by January 17. Then they breached SmarterTools itself.