
Authorization Bypass

Authorization bypass occurs when an application verifies who the user is (authentication) but fails to verify what that user is allowed to do (authorization) for the specific object or operation requested. An attacker holding an ordinary account may read another user’s data, perform restricted actions, modify resources they do not own, or call privileged APIs, often by doing nothing more than changing an identifier in a request or calling an endpoint the user interface never exposed. The vulnerability is common in enterprise applications, APIs, admin panels, and multi-user platforms where role-based access control must be enforced consistently: on every request, on the server side, and for both the operation (may this role call this function?) and the object (may this user touch this record?).

User Authenticated → Permission Check Missing → Restricted Action Performed → Unauthorized Access Confirmed → Authorization Enforced
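The flow above, as an added example that is not code from the original page: a minimal in-memory order service in Python with a vulnerable handler pair that stops at authentication, beside a hardened pair that also enforces object ownership (object-level check) and role (function-level check). The users, session tokens, order data, role names and function names are all constructed for illustration.

```python
"""Authorization bypass: the caller is authenticated, but the handler never
asks whether *this* caller may touch *this* object.

Added example, not code from the original page. Users, tokens, orders,
roles and function names are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: int
    roles: frozenset


@dataclass
class Order:
    order_id: int
    owner_id: int
    total_cents: int
    cancelled: bool = False


class Unauthenticated(Exception): pass
class Forbidden(Exception): pass
class NotFound(Exception): pass


# Constructed sample data: two customers, a support agent, an admin.
USERS = {
    "alice_token": User(1, frozenset({"customer"})),
    "bob_token": User(2, frozenset({"customer"})),
    "dave_token": User(3, frozenset({"support"})),
    "carol_token": User(4, frozenset({"admin"})),
}
ORDERS = {
    101: Order(101, owner_id=1, total_cents=4999),
    102: Order(102, owner_id=2, total_cents=1250),
}


def authenticate(token):
    """Authentication only: maps a session token to a User or fails."""
    user = USERS.get(token)
    if user is None:
        raise Unauthenticated("invalid session token")
    return user


# ---- Vulnerable handlers: identity is checked, permission is not. ----

def get_order_vulnerable(token, order_id):
    authenticate(token)                      # who is calling? checked
    order = ORDERS.get(order_id)             # may they see it? never asked
    if order is None:
        raise NotFound
    return order


def cancel_order_vulnerable(token, order_id):
    order = get_order_vulnerable(token, order_id)
    order.cancelled = True                   # any logged-in user cancels any order
    return order


# ---- Hardened handlers: object-level and function-level checks. ----

def can_read(user, order):
    return user.user_id == order.owner_id or bool(user.roles & {"support", "admin"})


def can_cancel(user, order):
    return user.user_id == order.owner_id or "admin" in user.roles


def get_order_secure(token, order_id):
    user = authenticate(token)
    order = ORDERS.get(order_id)
    # "Missing" and "not permitted" look identical to the caller, so the
    # endpoint cannot be used to enumerate which order IDs exist.
    if order is None or not can_read(user, order):
        raise NotFound
    return order


def cancel_order_secure(token, order_id):
    user = authenticate(token)
    order = get_order_secure(token, order_id)  # read permission is the floor
    if not can_cancel(user, order):            # the action needs more
        raise Forbidden
    order.cancelled = True
    return order


def outcome(handler, token, order_id):
    """Run a handler and summarise the result as a short status label."""
    try:
        return f"ok:owner={handler(token, order_id).owner_id}"
    except Unauthenticated:
        return "401"
    except Forbidden:
        return "403"
    except NotFound:
        return "404"


def run_demo():
    """Bob (customer) probes Alice's order 101 against both handler sets."""
    return {
        "vuln_read_other": outcome(get_order_vulnerable, "bob_token", 101),
        "vuln_cancel_other": outcome(cancel_order_vulnerable, "bob_token", 101),
        "secure_read_own": outcome(get_order_secure, "bob_token", 102),
        "secure_read_other": outcome(get_order_secure, "bob_token", 101),
        "secure_cancel_other": outcome(cancel_order_secure, "bob_token", 101),
        "support_read_other": outcome(get_order_secure, "dave_token", 101),
        "support_cancel_other": outcome(cancel_order_secure, "dave_token", 101),
        "admin_cancel_other": outcome(cancel_order_secure, "carol_token", 101),
        "no_session": outcome(get_order_secure, "not-a-token", 101),
    }
```

Calling `run_demo()` shows the bypass directly: the vulnerable handlers let Bob read and cancel Alice's order because `authenticate()` is the only gate, while the hardened handlers return the same 404 for "not yours" as for "does not exist" (no ID-enumeration oracle) and reserve 403 for the case where the caller may see the object but lacks the right to act on it, as the support role does. Two checks are deliberately separate because attackers probe them separately: ownership (IDOR-style, change the ID) and function-level privilege (call the admin action with a normal session).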
