Severity
Medium · CVSS 5.3
Target
Enterprise Consumer Brand
Date
2026-02
Category
Authentication Bypass / Information Disclosure

CDN Caching Bypass on Basic Auth Protected Staging Environment

A staging environment was protected by HTTP Basic Authentication at the origin. However, the CDN served cached pre-rendered pages without enforcing auth, allowing full unauthenticated access to staging content, JavaScript bundles, and potentially unreleased features.

Attack Chain

    Step 1: Root path requires authentication

    The root URL correctly returned 401 with a Basic Auth challenge.

    Step 2: Sub-paths bypass auth via CDN cache

    Pre-rendered pages and static assets returned 200 without any credentials.

What Scanners Would Miss

A scanner sees 401 on the root and moves on. It doesn't test alternate paths where CDN caching breaks the auth model.

By the Pinaka team · Published for educational purposes. All findings were responsibly disclosed.