- Severity
- Medium · CVSS 5.3
- Target
- Enterprise Consumer Brand
- Date
- 2026-02
- Category
- Authentication Bypass / Information Disclosure
CDN Caching Bypass on Basic Auth Protected Staging Environment
A staging environment was protected by HTTP Basic Authentication at the origin. However, the CDN served cached pre-rendered pages without enforcing auth, allowing full unauthenticated access to staging content, JavaScript bundles, and potentially unreleased features.
Attack Chain
Step 1: Root path requires authentication
The root URL correctly returned 401 with a Basic Auth challenge.
Step 2: Sub-paths bypass auth via CDN cache
Pre-rendered pages and static assets returned 200 without any credentials.
What Scanners Would Miss
A scanner sees 401 on the root and moves on. It doesn't test alternate paths where CDN caching breaks the auth model.
By the Pinaka team · Published for educational purposes. All findings were responsibly disclosed.