Authentication Bypass

github.com/oauth2-proxy/oauth2-proxy is vulnerable to an authentication bypass. The vulnerability is due to improper handling of health check User-Agent values in authrequest-style integrations when --ping-user-agent or --gcp-healthchecks is enabled, which allows an unauthenticated remote attacke...

CVE-2026-40575 OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

OAuth2 Proxy 安全漏洞

OAuth2 Proxy is a product offered by OAuth2 Proxy organizations that can provide a reverse proxy for authentication with Google, Github, or other providers. Versions of OAuth2 Proxy prior to 7.15.2 had security vulnerabilities. These vulnerabilities stemmed from the emaildomain enforcement option...

PT-2026-32955

Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2 Description A configuration-dependent authentication bypass exists in deployments using auth request-style integration, such as nginx auth request. The issue occurs when either the --ping-user-agent variab...