Cyber Resilience

CWE-302: Authentication Bypass by Assumed-Immutable Data

Abstraction: Base · CVEs in our corpus: 38

The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: full · 9 mapping(s) from 3 framework(s): CAPEC 6 (partial) · ATT&CK 2 (partial) · OWASP-Web 1 (full)

OWASP Top 10 for Web (2025)

This weakness contributes to A07:2025 Authentication Failures.

NIST 800-53 r5 controls that address this weakness (1) AI

Control | Title | Family | Why it addresses this CWE
IA-8 | Identification and Authentication (Non-organizational Users) | IA | Proper authentication for non-organizational users counters bypasses relying on assumed-immutable data.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE | Risk | CVSS | EPSS | Published
CVE-2024-43441 | 8.0 | 9.8 | 0.6965 | 2024-12-24
CVE-2016-9482 | 7.0 | 9.8 | 0.0466 | 2018-07-13
CVE-2023-4669 | 7.0 | 9.8 | 0.0096 | 2023-09-14
CVE-2023-4612 | 7.0 | 9.8 | 0.0094 | 2023-11-09
CVE-2024-56404 | 7.0 | 9.9 | 0.0065 | 2025-01-24
CVE-2025-29813 UPD | 7.0 | 10.0 | 0.0153 | 2025-05-08
CVE-2025-47158 UPD | 7.0 | 9.0 | 0.0067 | 2025-07-18
CVE-2025-63210 | 7.0 | 9.8 | 0.0050 | 2025-11-19
CVE-2026-48781 | 7.0 | 9.9 | 0.0021 | 2026-06-17
CVE-2024-4024 | 6.0 | 7.3 | 0.1490 | 2024-04-25
CVE-2020-15074 | 5.5 | 7.5 | 0.0104 | 2020-07-14
CVE-2022-22729 | 5.5 | 8.8 | 0.0091 | 2022-03-11
CVE-2022-3875 | 5.5 | 7.3 | 0.0097 | 2022-12-19
CVE-2024-22179 | 5.5 | 7.5 | 0.0039 | 2024-04-18
CVE-2024-3741 | 5.5 | 7.5 | 0.0049 | 2024-04-18
CVE-2024-49056 | 5.5 | 7.3 | 0.0104 | 2024-11-12
CVE-2024-12838 | 5.5 | 8.8 | 0.0073 | 2024-12-31
CVE-2025-24876 | 5.5 | 8.1 | 0.0047 | 2025-02-11
CVE-2025-8855 UPD | 5.5 | 8.1 | 0.0034 | 2025-11-14
CVE-2024-45370 | 5.5 | 7.3 | 0.0015 | 2025-12-01
CVE-2026-39429 | 5.5 | 8.2 | 0.0044 | 2026-04-08
CVE-2026-40285 | 5.5 | 8.8 | 0.0027 | 2026-04-17
CVE-2021-1399 | 3.5 | 4.3 | 0.0062 | 2021-04-08
CVE-2021-1561 | 3.5 | 5.4 | 0.0074 | 2021-08-18
CVE-2022-2503 | 3.5 | 6.9 | 0.0035 | 2022-08-12