Lucene search
K

4 matches found

NVD
NVD
added 2026/04/22 12:16 a.m.9 views

CVE-2026-41059

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...

8.2CVSS0.00275EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 11:17 p.m.2 views

CVE-2026-41059 OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...

8.2CVSS5.7AI score0.00275EPSS
Exploits0References1
Snyk
Snyk
added 2025/07/30 8:43 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to using the skipauthroutes configuration option with regex patterns. An attacker can gain unauthorized access to protected resources by crafting URLs with query parameters that match overly broad or improperly...

9.3CVSS7AI score0.01133EPSS
Exploits1References2
Snyk
Snyk
added 2025/07/30 8:43 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to using the skipauthroutes configuration option with regex patterns. An attacker can gain unauthorized access to protected resources by crafting URLs with query parameters that match overly broad or improperly...

9.3CVSS7AI score0.01133EPSS
Exploits1References2
Rows per page
Query Builder