CWE-290: Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Last updated
Overview
CWE-290 (Authentication Bypass by Spoofing) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
453 recorded CVEs are caused by CWE-290 (Authentication Bypass by Spoofing), including 5 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 119 new CWE-290 CVEs have been recorded so far in 2026 (105 in 2025).