CVE-2026-59096
Dapr Sentry’s OIDC discovery endpoint can be poisoned: the issuer and jwks_uri values in /.well-known/openid-configuration are derived from the request host, which an unauthenticated client can set through the X-Forwarded-Host header when oidc-allowed-hosts is not configured. The generated document is then cached for one hour, so a single spoofed request determines the issuer and jwks_uri that every other client receives until the cache expires. This allows remote ...
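The following Go program is an added illustration written for this entry; it is not Dapr's code and makes no claim about how Sentry is implemented internally. It models the three ingredients the description names: a discovery document whose issuer and jwks_uri are built from a host taken preferentially from X-Forwarded-Host, a one-hour cache of that document, and an optional host allowlist standing in for oidc-allowed-hosts. The hostnames sentry.internal and attacker.example, the jwks.json path and the 400 response on a disallowed host are assumptions of the model. Run it to see that, without the allowlist, one spoofed request is enough for a subsequent clean client to be handed the attacker's issuer, and that with the allowlist the spoofed request is rejected before it can reach the cache.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
	"time"
)

// discoveryDoc holds the two discovery fields the advisory says are
// derived from the request host.
type discoveryDoc struct {
	Issuer  string `json:"issuer"`
	JWKSURI string `json:"jwks_uri"`
}

// discoveryServer is a simplified model (not Dapr's implementation) of an
// issuer that builds its discovery document from the request host and caches
// it. An empty allowlist reproduces the weak behaviour in the advisory.
type discoveryServer struct {
	allowed map[string]bool // lower-cased hostnames; empty = accept any host
	ttl     time.Duration

	mu      sync.Mutex
	cached  *discoveryDoc
	expires time.Time
}

func newDiscoveryServer(allowedHosts []string, ttl time.Duration) *discoveryServer {
	s := &discoveryServer{allowed: map[string]bool{}, ttl: ttl}
	for _, h := range allowedHosts {
		s.allowed[strings.ToLower(h)] = true
	}
	return s
}

// requestHost models the weak derivation: a client-supplied X-Forwarded-Host
// header takes precedence over the connection-level Host header.
func requestHost(r *http.Request) string {
	if fh := r.Header.Get("X-Forwarded-Host"); fh != "" {
		return fh
	}
	return r.Host
}

func (s *discoveryServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	host := strings.ToLower(requestHost(r))
	// Modelled fix: only an allowlisted host may become the issuer.
	if len(s.allowed) > 0 && !s.allowed[host] {
		http.Error(w, "host not allowed", http.StatusBadRequest)
		return
	}
	s.mu.Lock()
	if s.cached == nil || time.Now().After(s.expires) {
		// Whatever host reaches this point is baked into the document for
		// ttl, so one spoofed request taints every later client.
		base := "https://" + host
		s.cached = &discoveryDoc{Issuer: base, JWKSURI: base + "/jwks.json"}
		s.expires = time.Now().Add(s.ttl)
	}
	doc := *s.cached
	s.mu.Unlock()
	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(doc)
}

// fetch issues one GET for the discovery document against the in-memory
// server, optionally with a spoofed X-Forwarded-Host (assumed hostnames), and
// returns the HTTP status and the issuer (empty when the request is rejected).
func fetch(s *discoveryServer, forwardedHost string) (int, string) {
	req := httptest.NewRequest(http.MethodGet,
		"https://sentry.internal/.well-known/openid-configuration", nil)
	if forwardedHost != "" {
		req.Header.Set("X-Forwarded-Host", forwardedHost)
	}
	rec := httptest.NewRecorder()
	s.ServeHTTP(rec, req)
	if rec.Code != http.StatusOK {
		return rec.Code, ""
	}
	var d discoveryDoc
	if err := json.NewDecoder(rec.Body).Decode(&d); err != nil {
		return rec.Code, ""
	}
	return rec.Code, d.Issuer
}

// poisoned reports whether a clean client (no forwarded header) is now
// served an issuer pointing at the spoofed host.
func poisoned(s *discoveryServer, spoofed string) bool {
	_, issuer := fetch(s, "")
	return strings.EqualFold(issuer, "https://"+spoofed)
}

func main() {
	weak := newDiscoveryServer(nil, time.Hour) // no allowlist configured
	fetch(weak, "attacker.example")
	fmt.Println("no allowlist, clean client poisoned:", poisoned(weak, "attacker.example"))

	hardened := newDiscoveryServer([]string{"sentry.internal"}, time.Hour)
	code, _ := fetch(hardened, "attacker.example")
	fmt.Println("allowlist, spoofed request status:", code)
	fmt.Println("allowlist, clean client poisoned:", poisoned(hardened, "attacker.example"))
}
```

The same fetch-then-compare pattern doubles as a quick check against a real deployment: request the discovery document once with a spoofed X-Forwarded-Host, then once without it, and compare the issuer fields; if the second response still carries the spoofed host, the cache has been poisoned and the allowlist is not in effect.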