authorization-bypass
Safeguard articles tagged "authorization-bypass" — guides, analysis, and best practices for software supply chain and application security.
5 articles
CVE-2022-31692: how a forward dispatch bypassed Spring Security authorization
A CVSS 9.8 flaw let a single internal forward skip Spring Security's URL-based access checks entirely — here's the root cause and the exact config fix.
CVE-2025-29927: inside the Next.js middleware auth bypass
A single spoofed header let attackers skip Next.js middleware entirely — CVSS 9.1, four major versions affected, exploited in the wild within days.
CVE-2025-29927: Next.js middleware authorization bypass
A spoofable internal header let attackers skip Next.js middleware outright, bypassing auth and route protection across many production deployments.
Spring Security authorization rule bypass (CVE-2023-34035)
CVE-2023-34035 lets Spring Security's requestMatchers() silently mis-evaluate authorization rules in multi-servlet apps. Here's the fix and how to detect exposure.
CVE-2018-1199: Authorization bypass in Spring Security CO...
CVE-2018-1199 let CORS pre-flight requests slip past Spring Security's authorization checks. What it affected, its real severity, and how to remediate it.