Product
high
advisory
ORY Oathkeeper Authentication Bypass Vulnerability (CVE-2026-33496)
2 rules 1 TTPORY Oathkeeper before 26.2.0 is vulnerable to authentication bypass (CVE-2026-33496) due to cache key confusion in the `oauth2_introspection` authenticator, allowing attackers with a valid token to bypass authentication by reusing it with different introspection URLs.
Oathkeeper
authentication-bypass
vulnerability
cache-poisoning
cloud
2r
1t
critical
advisory
ORY Oathkeeper Authorization Bypass via Path Traversal (CVE-2026-33494)
2 rules 1 TTPORY Oathkeeper versions prior to 26.2.0 are vulnerable to an authorization bypass (CVE-2026-33494) via HTTP path traversal, enabling attackers to access protected resources by crafting URLs with path traversal sequences.
Oathkeeper
CVE-2026-33494
ORY Oathkeeper
path traversal
authorization bypass
2r
1t