CVE-2026-42674
7.5 HIGHAuthentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding
Published: 2026-06-01 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- CWE
- CWE-290
Description
Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-48567 — Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network (10.0 CRITICAL)
- CVE-2026-11019 — Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised... (6.5 MEDIUM)
- CVE-2026-11001 — Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage... (6.5 MEDIUM)
- CVE-2026-8644 — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing (9.1 CRITICAL)
- CVE-2026-47123 — FreeScout is a free help desk and shared inbox built with PHP's Laravel framework (7.5 HIGH)