CWE-305: Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Last updated
Overview
CWE-305 (Authentication Bypass by Primary Weakness) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
135 recorded CVEs are caused by CWE-305 (Authentication Bypass by Primary Weakness), including 2 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 32 new CWE-305 CVEs have been recorded so far in 2026 (36 in 2025).