Vendor
high
advisory
OAuth2 Proxy Authentication Bypass Vulnerability (CVE-2026-41059)
2 rules 2 TTPs 1 CVEOAuth2 Proxy versions 7.5.0 through 7.15.1 are vulnerable to an authentication bypass (CVE-2026-41059) due to improper handling of URL fragments in conjunction with `skip_auth_routes` or `skip_auth_regex`, potentially allowing unauthenticated access to protected resources.
OAuth2 Proxy
oauth2proxy
authentication-bypass
cve
2r
2t
1c
critical
advisory
OAuth2 Proxy Authentication Bypass via X-Forwarded-Uri Spoofing
2 rules 1 TTP 1 CVEOAuth2 Proxy versions 7.5.0 through 7.15.1 are vulnerable to an authentication bypass where attackers can spoof the `X-Forwarded-Uri` header when `--reverse-proxy` is enabled alongside `--skip-auth-regex` or `--skip-auth-route`, allowing unauthorized access to protected resources.
OAuth2 Proxy
oauth2-proxy
authentication-bypass
CVE-2026-40575
reverse-proxy
2r
1t
1c