CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

153 matches found

CVE-2026-34454

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be...

3.5CVSS5.4AI score0.00011EPSS

Exploits0References1

RedhatCVE•added yesterday•5 views

CVE-2026-34457

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

9.1CVSS5.5AI score0.00053EPSS

Exploits0References1

RedhatCVE•added 2026/04/28 6:24 p.m.•4 views

CVE-2026-40575

A flaw was found in OAuth2 Proxy. When configured with --reverse-proxy and either --skip-auth-regex or --skip-auth-route, the proxy may trust a client-supplied X-Forwarded-Uri header. An unauthenticated remote attacker can exploit this by spoofing the header, leading to an authentication bypass...

9.1CVSS5.5AI score0.00093EPSS

Exploits0References4

RedhatCVE•added 2026/04/27 9:10 p.m.•1 views

CVE-2026-41059

A flaw was found in OAuth2 Proxy. An unauthenticated attacker can exploit a configuration-dependent authentication bypass by sending a crafted request containing a number sign in the path. This allows the OAuth2 Proxy to incorrectly match a public allowlist rule, leading to the exposure of...

8.2CVSS5.3AI score0.00311EPSS

Exploits0References4

RedhatCVE•added 2026/04/23 10:46 p.m.•1 views

CVE-2026-40574

A flaw was found in OAuth2 Proxy, a reverse proxy providing authentication using OAuth2 providers. A remote attacker can exploit an authorization bypass vulnerability by crafting a malicious email claim. This allows the attacker to bypass emaildomain restrictions, which are used to limit access t...

6.8CVSS5.8AI score0.00053EPSS

Exploits0References4

OSV•added 2026/04/23 8:47 a.m.•4 views

BIT-OAUTH2-PROXY-2026-40575 OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

9.1CVSS5.8AI score0.00093EPSS

Exploits0References2

NVD•added 2026/04/22 12:16 a.m.•4 views

CVE-2026-41059

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...

8.2CVSS0.00311EPSS

Exploits0References1

NVD•added 2026/04/22 12:16 a.m.•4 views

CVE-2026-40575

9.1CVSS0.00093EPSS

Exploits0References1

Snyk•added 2026/04/22 12:8 a.m.•2 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

9.1CVSS5.4AI score0.00093EPSS

Exploits0References2

Snyk•added 2026/04/22 12:8 a.m.•2 views

User Impersonation

9.1CVSS5.4AI score0.00093EPSS

Exploits0References2

Snyk•added 2026/04/22 12:8 a.m.•3 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the processing of request paths containing a number sign or its encoded form %23 when using skipauthroutes or skipauthregex settings. An attacker can gain unauthorized access t...

8.3CVSS5.4AI score0.00311EPSS

Exploits0References2

Snyk•added 2026/04/22 12:8 a.m.•2 views

Authentication Bypass Using an Alternate Path or Channel

8.3CVSS5.4AI score0.00311EPSS

Exploits0References2

CNNVD•added 2026/04/22 12:0 a.m.•5 views

OAuth2 Proxy 安全漏洞

OAuth2 Proxy is a product developed by OAuth2 Proxy organization that can provide a reverse proxy for authentication with Google, Github, or other providers. Versions 7.5.0 to 7.15.1 of OAuth2 Proxy have security vulnerabilities. These vulnerabilities stem from configuration-related authenticatio...

8.2CVSS5.8AI score0.00311EPSS

Exploits0References1

CNNVD•added 2026/04/22 12:0 a.m.•6 views

OAuth2 Proxy 安全漏洞

OAuth2 Proxy is a product developed by OAuth2 Proxy organization that can provide a reverse proxy for authentication with Google, Github, or other providers. There were security vulnerabilities in the versions of OAuth2 Proxy from 7.5.0 to 7.15.1. These vulnerabilities stemmed from the possibilit...

9.1CVSS5.8AI score0.00093EPSS

Exploits0References1

CVE•added 2026/04/21 11:20 p.m.•8 views

CVE-2026-40575

OAuth2 Proxy versions 7.5.0–7.15.1 can trust a client-supplied X-Forwarded-Uri when --reverse-proxy and at least one --skip-auth-regex/--skip-auth-route are configured, enabling header spoofing that makes authentication rules run against a different path. This can let an unauthenticated attacker ...

9.1CVSS5.8AI score0.00093EPSS

Exploits0References1Affected Software1