AIKIDO-2026-10639

ethyca-fides is vulnerable to Authentication Bypass Using an Alternate Path or Channel

Authentication Bypass Using an Alternate Path or Channel | CVE-2026-42303 | Published Apr 29, 2026

60

Medium Risk

This Affects:

Python: ethyca-fides
Affected versions: 2.75.0 - 2.83.1
Fixed in 2.83.2

TL;DR

Affected versions of this package skip the identity-verification check on privacy requests classified as duplicates, so administrators can approve them even when the requester was never verified. An unverified requester could trigger personal-data actions through a crafted duplicate request.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.
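One way to check a pinned requirements file and the current environment against the range in this advisory. This is an added example, not code from the advisory or from the ethyca-fides project; the function names are hypothetical, only exact `==` pins are evaluated, and pre-release suffixes are ignored.

```python
import re
from importlib import metadata

PACKAGE = "ethyca-fides"
FIRST_AFFECTED = (2, 75, 0)  # lower bound of the range in this advisory
FIXED_IN = (2, 83, 2)        # first fixed release per this advisory

def release_tuple(version):
    """Numeric release part as a 3-tuple, or None if unparseable.
    Assumption: pre-release/dev suffixes (rc1, .dev0) are ignored."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", version)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple((parts + [0, 0])[:3])

def is_affected(version):
    """True/False for a parseable version, None when it cannot be judged."""
    rel = release_tuple(version)
    return None if rel is None else FIRST_AFFECTED <= rel < FIXED_IN

def scan_requirements(text):
    """Return (line_no, version, affected) for each exact pin of the package."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"([A-Za-z0-9._-]+)\s*==\s*([^\s;]+)", line)
        # PyPI names compare case-insensitively with -, _ and . equivalent
        if m and re.sub(r"[-_.]+", "-", m.group(1)).lower() == PACKAGE:
            findings.append((no, m.group(2), is_affected(m.group(2))))
    return findings

def installed_status():
    """Check the version installed in the current environment, if any."""
    try:
        return is_affected(metadata.version(PACKAGE))
    except metadata.PackageNotFoundError:
        return None

# Constructed sample input, not taken from any real project
SAMPLE = """\
# requirements.txt
requests==2.31.0
ethyca_fides==2.80.0  # pinned
Ethyca-Fides==2.83.2
ethyca-fides>=2.70
"""

if __name__ == "__main__":
    label = {True: "AFFECTED", False: "not affected", None: "unknown"}
    for no, ver, hit in scan_requirements(SAMPLE):
        print(f"line {no}: {PACKAGE}=={ver} -> {label[hit]}")
    print("installed:", label[installed_status()])
```

Range specifiers such as `>=2.70` are not resolved here; check the lock file or the installed version for those.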

Background info

ethyca-fides is vulnerable to Authentication Bypass Using an Alternate Path or Channel in versions 2.75.0 - 2.83.1.

How to fix this

Upgrade the ethyca-fides library to the patched version (2.83.2).