CVE-2026-12225: CWE-288 Authentication bypass using an alternate path or channel in syracom AG Secure Login (2FA) for Jira
syracom AG Secure Login (2FA) for Atlassian Jira version 3.4.0.0 contains an authentication bypass vulnerability. An attacker with valid user credentials can bypass the two-factor authentication by sending HTTP requests with a crafted User-Agent header containing specific strings like AtlassianMobileApp or JIRA. This allows access to the affected Atlassian application without completing 2FA. If the compromised account has administrative privileges, the attacker can perform administrative actions including disabling the 2FA plugin. The vulnerability is fixed in version 3.5.0.0.
AI Analysis
Technical Summary
CVE-2026-12225 is an authentication bypass vulnerability in syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket version 3.4.0.0. The vulnerability arises because the plugin does not enforce two-factor authentication checks when the HTTP User-Agent header contains certain strings such as AtlassianMobileApp or JIRA. An attacker with valid credentials can exploit this to bypass 2FA and gain unauthorized access to protected resources. Administrative accounts compromised this way can be used to disable the 2FA plugin or make arbitrary administrative changes. The issue is resolved in version 3.5.0.0.
Potential Impact
Successful exploitation allows an attacker who already has valid user credentials to bypass the two-factor authentication mechanism, gaining full access to the affected Atlassian application as the targeted user. If the compromised user has administrative privileges, the attacker can access administrative functions, including disabling the 2FA plugin or making arbitrary administrative changes, significantly increasing the risk to the affected environment.
Mitigation Recommendations
A fix is available in syracom AG Secure Login (2FA) version 3.5.0.0. Users of version 3.4.0.0 should upgrade to version 3.5.0.0 or later to remediate this vulnerability. No other mitigation guidance is provided in the vendor advisory.
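Until the upgrade is applied, defenders can triage web access logs for the pattern the advisory describes: authenticated requests whose User-Agent carries one of the named marker strings, with extra weight on administrative paths. This is an added example, not code from the advisory or the vendor; it assumes an Apache "combined" log layout and uses constructed sample lines.

```python
import re
from collections import defaultdict

# Constructed sample access log lines (Apache "combined" format is assumed here for
# illustration; the real Jira access log layout may differ). Not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - alice [16/Jun/2026:10:01:02 +0000] "GET /browse/PROJ-1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"
203.0.113.10 - alice [16/Jun/2026:10:01:40 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 8120 "-" "AtlassianMobileApp"
198.51.100.7 - bob [16/Jun/2026:10:02:15 +0000] "GET /secure/admin/ViewApplicationProperties.jspa HTTP/1.1" 200 4300 "-" "JIRA"
198.51.100.7 - - [16/Jun/2026:10:03:00 +0000] "GET /login.jsp HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
192.0.2.5 - carol [16/Jun/2026:10:04:00 +0000] "GET /rest/api/2/myself HTTP/1.1" 200 900 "-" "AtlassianMobileApp/3.2 (iOS)"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# User-Agent substrings the advisory names as the trigger for skipping 2FA.
BYPASS_MARKERS = ("AtlassianMobileApp", "JIRA")
# Administrative area; a hit here matters most because 2FA can be disabled from it.
ADMIN_PREFIX = "/secure/admin/"

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_suspicious(rec):
    """Successful, authenticated request whose User-Agent carries a bypass marker."""
    if rec["user"] == "-" or not rec["status"].startswith("2"):
        return False
    return any(marker in rec["ua"] for marker in BYPASS_MARKERS)

def find_bypass_candidates(log_text):
    """Return {user: [(path, user_agent, is_admin_path), ...]} for records to triage."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_suspicious(rec):
            hits[rec["user"]].append(
                (rec["path"], rec["ua"], rec["path"].startswith(ADMIN_PREFIX))
            )
    return dict(hits)
```

The markers also match legitimate Atlassian mobile clients (carol in the sample), so treat hits as triage leads to correlate with the plugin's own 2FA audit events and with the account's usual devices, not as confirmed exploitation.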
CVSS v4.0
Score: 8.7 (High)
Technical Details
- Data Version: 5.2
- Assigner Short Name: SEC-VLab
- Date Reserved: 2026-06-14T15:35:21.997Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a3133ca0b89be68889d536c
Added to database: 6/16/2026, 11:30:18 AM
Last enriched: 6/16/2026, 11:45:15 AM
Last updated: 6/16/2026, 12:40:15 PM