CVE-2026-42745
Received
Received - Intake
Authentication Bypass in ZAYTECH Smart Online Order for Clover
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: Patchstack
Description
Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through <= 1.6.0.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zaytech | smart_online_order_for_clover | to 1.6.0 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Authentication Bypass Using an Alternate Path or Channel in the ZAYTECH Smart Online Order for Clover application. It allows an attacker to bypass the normal authentication mechanisms, potentially gaining unauthorized access to the system.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to unauthorized access, which may result in the attacker gaining limited confidentiality, integrity, and availability impacts on the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70