Tag
ORY Oathkeeper versions prior to 26.2.0 are vulnerable to an authorization bypass (CVE-2026-33494) via HTTP path traversal, enabling attackers to access protected resources by crafting URLs with path traversal sequences.