Lucene search
+L

5 matches found

Cvelist
Cvelist
added 2026/04/21 4:32 p.m.35 views

CVE-2026-40574 OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and...

6.8CVSS0.00209EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 4:32 p.m.3 views

CVE-2026-40574 OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and...

6.8CVSS5.7AI score0.00209EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 4:32 p.m.22 views

CVE-2026-40574

CVE-2026-40574 affects OAuth2 Proxy. Affected: deployments using email_domain restrictions. Issue: authorization bypass where an attacker can use a malformed multi-@ email claim (e.g., [email protected]@company.com) to satisfy a company.com domain check, even though the claim is not a valid email...

6.8CVSS5.7AI score0.00209EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/21 4:32 p.m.3 views

CVE-2026-40574 OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and...

6.8CVSS5.9AI score0.00209EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.5 views

PT-2026-33223

Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2 Description An authorization bypass exists within the email domain enforcement option. An attacker can authenticate using a malformed email claim, such as [email protected]@company.com, to satisfy an allow...

6.8CVSS5.8AI score0.00209EPSS
Exploits0References7
Rows per page
Query Builder