CVE-2026-42238: Gin Conditional Auth Required Bypass
greprules fetch cve-2026-42238-gin-conditional-auth-required-bypass --engine opengrep
Description
A Gin middleware function invokes middleware.AuthRequired() on only one branch of a condition and calls ctx.Next() on the other branch, allowing requests to proceed unauthenticated when the condition is false. This is a state- or time-window-dependent authentication bypass (e.g. "auth only after install" or "auth only after a timeout"); attackers can hit the ro
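The branch shape described above next to a fail-closed variant, as an added example that is not the rule's or any project's own code. Ctx is a small stand-in for gin.Context so the block runs without Gin; the Installed and Token fields, the run helper and the 503 fail-closed fix are assumptions made for illustration.

```go
package main

import "fmt"

// Ctx is a minimal stand-in for gin.Context (assumption): handler chain, Next, Abort.
type Ctx struct {
	handlers    []func(*Ctx)
	idx, Status int
	Token       string // constructed credential placeholder
	Installed   bool   // constructed app state ("auth only after install")
}
func (c *Ctx) Next() {
	for c.idx++; c.idx < len(c.handlers); c.idx++ {
		c.handlers[c.idx](c)
	}
}
func (c *Ctx) Abort(code int) { c.idx, c.Status = len(c.handlers), code }

// authRequired stands in for the page's middleware.AuthRequired().
func authRequired(c *Ctx) {
	if c.Token != "valid" {
		c.Abort(401)
	}
}

// vulnerable is the flagged shape: auth on one branch, bare Next() on the other.
func vulnerable(c *Ctx) {
	if c.Installed {
		authRequired(c)
		return
	}
	c.Next() // condition false: the request continues unauthenticated
}

func hardened(c *Ctx) {
	if !c.Installed {
		c.Abort(503) // fail closed (assumed fix; the page gives none)
		return
	}
	authRequired(c)
}

func run(mw func(*Ctx), installed bool, token string) int {
	c := &Ctx{idx: -1, Token: token, Installed: installed}
	c.handlers = []func(*Ctx){mw, func(c *Ctx) { c.Status = 200 }} // mw, then protected handler
	c.Next()
	return c.Status
}

func main() { fmt.Println(run(vulnerable, false, ""), run(hardened, false, "")) }
```

With the condition false, the vulnerable middleware lets an empty-token request reach the protected handler, while the hardened one stops it before the handler runs.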
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided