Product
OAuth2 Proxy Authentication Bypass via X-Forwarded-Uri Header Spoofing
2 rules 1 TTPOAuth2 Proxy is vulnerable to an authentication bypass when configured with `--reverse-proxy` and `--skip_auth_routes` or `--skip_auth_regex`; by spoofing the `X-Forwarded-Uri` header, an attacker can bypass authentication and access protected routes without a valid session.
OAuth2 Proxy Authentication Bypass Vulnerability (CVE-2026-41059)
2 rules 2 TTPs 1 CVEOAuth2 Proxy versions 7.5.0 through 7.15.1 are vulnerable to an authentication bypass (CVE-2026-41059) due to improper handling of URL fragments in conjunction with `skip_auth_routes` or `skip_auth_regex`, potentially allowing unauthenticated access to protected resources.
OAuth2 Proxy Authentication Bypass via X-Forwarded-Uri Spoofing
2 rules 1 TTP 1 CVEOAuth2 Proxy versions 7.5.0 through 7.15.1 are vulnerable to an authentication bypass where attackers can spoof the `X-Forwarded-Uri` header when `--reverse-proxy` is enabled alongside `--skip-auth-regex` or `--skip-auth-route`, allowing unauthorized access to protected resources.