Tag
ORY Oathkeeper before 26.2.0 is vulnerable to authentication bypass (CVE-2026-33496) due to cache key confusion in the `oauth2_introspection` authenticator, allowing attackers with a valid token to bypass authentication by reusing it with different introspection URLs.