CVE-2026-24359
Published: 25 March 2026
Summary
CVE-2026-24359 is a high-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Enforces approved authorizations for all logical access paths and channels, directly preventing authentication bypass via alternate paths in the Dokan Lite plugin.
- IA-2 (Identification and Authentication (Organizational Users)): Requires robust identification and authentication for organizational users, mitigating flaws that allow low-privileged users to bypass authentication controls.
- Flaw remediation: Mandates timely identification, reporting, and remediation of flaws like CVE-2026-24359, including patching the vulnerable Dokan Lite plugin versions.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An authentication bypass in a public-facing WordPress plugin directly enables remote exploitation of the application and escalation from a low-privileged authenticated user to high-impact access.
NVD Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse. This issue affects Dokan: from n/a through <= 4.2.4.
Deeper analysis
CVE-2026-24359 is an Authentication Bypass Using an Alternate Path or Channel vulnerability (CWE-288) in the Dokan Lite WordPress plugin from Dokan, Inc. This flaw enables authentication abuse and affects all versions of Dokan Lite up to and including 4.2.4. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting its high severity due to network accessibility, low complexity, and significant impacts on confidentiality, integrity, and availability.
A low-privileged authenticated user (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity and no user interaction required (UI:N). Exploitation allows the attacker to bypass authentication via an alternate path or channel, potentially achieving high-level unauthorized access that compromises confidentiality, integrity, and availability within the affected WordPress environment.
The Patchstack advisory provides details on this broken authentication vulnerability in Dokan Lite version 4.2.4 and likely includes mitigation guidance, available at https://patchstack.com/database/Wordpress/Plugin/dokan-lite/vulnerability/wordpress-dokan-plugin-4-2-4-broken-authentication-vulnerability?_s_id=cve.
Details
- CWE(s)