CVE-2026-11618: Taier Improper Auth Interceptor
Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | Java | β
greprules fetch cve-2026-11618-taier-improper-auth-interceptor --engine opengrep

Description
The preHandle method checks if an authentication token is missing or blank but returns true immediately without validating its cryptographic integrity or decrypting it. This allows an attacker to bypass authentication by providing any arbitrary non-blank string. Validate or decrypt the token before returning true.