CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

50 matches found

SUSE CVE•added 2026/03/28 12:25 a.m.•4 views

SUSE CVE-2026-33494

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences...

10CVSS5.9AI score0.00519EPSS

Exploits0References3

SUSE CVE•added 2026/03/28 12:25 a.m.•3 views

SUSE CVE-2026-33495

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component might forward the...

6.5CVSS5.9AI score0.00233EPSS

Exploits0References3

SUSE CVE•added 2026/03/28 12:25 a.m.•3 views

SUSE CVE-2026-33496

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The oauth2introspection authenticator cache does not distingui...

8.1CVSS5.9AI score0.00333EPSS

Exploits0References3

RedhatCVE•added 2026/03/27 10:51 p.m.•3 views

CVE-2026-33494

10CVSS5.9AI score0.00519EPSS

Exploits0References1

RedhatCVE•added 2026/03/27 10:51 p.m.•8 views

CVE-2026-33495

6.5CVSS5.9AI score0.00233EPSS

Exploits0References1

NVD•added 2026/03/26 6:16 p.m.•5 views

CVE-2026-33496

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The oauth2introspection authenticator cache does not distingui...

8.1CVSS0.00333EPSS

Exploits0References2

NVD•added 2026/03/26 6:16 p.m.•2 views

CVE-2026-33494

10CVSS0.00519EPSS

Exploits0References2

NVD•added 2026/03/26 6:16 p.m.•5 views

CVE-2026-33495

6.5CVSS0.00233EPSS

Exploits0References2

ATTACKERKB•added 2026/03/26 5:29 p.m.•4 views

CVE-2026-33496

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The oauth2introspection authenticator cache does not distingui...

8.1CVSS5.8AI score0.00333EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/03/26 5:29 p.m.•3 views

CVE-2026-33496 Ory Oathkeeper has an authentication bypass by cache key confusion

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The oauth2introspection authenticator cache does not distingui...

8.1CVSS5.9AI score0.00333EPSS

Exploits0References2

CVE•added 2026/03/26 5:29 p.m.•13 views

CVE-2026-33496

Overview: CVE-2026-33496 affects ORY Oathkeeper (Identity & Access Proxy) prior to version 26.2.0, where the oauth2_introspection authenticator cache fails to distinguish tokens across different introspection URLs, enabling authentication bypass via cache key confusion. Impact (as described): An ...

8.1CVSS5.8AI score0.00333EPSS

Exploits0References2Affected Software1

OSV•added 2026/03/26 5:29 p.m.•4 views

CVE-2026-33496 Ory Oathkeeper has an authentication bypass by cache key confusion

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The oauth2introspection authenticator cache does not distingui...

8.1CVSS6.4AI score0.00333EPSS

Exploits0References4

ATTACKERKB•added 2026/03/26 5:26 p.m.•2 views

CVE-2026-33495

6.5CVSS5.8AI score0.00233EPSS

Exploits0References3Affected Software1

CVE•added 2026/03/26 5:26 p.m.•11 views

CVE-2026-33495

CVE-2026-33495 affects ORY Oathkeeper. Prior to version 26.2.0, Oathkeeper could incorrectly trust the X-Forwarded-* headers when evaluating access rules, due to the serve.proxy.trust_forwarded_headers setting being ignored. This could allow an attacker with distinct HTTP/HTTPS rules to trigger t...

6.5CVSS5.8AI score0.00233EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/03/26 5:26 p.m.•23 views

CVE-2026-33495 Ory Oathkeeper has an authentication bypass by usage of untrusted header

6.5CVSS0.00233EPSS

Exploits0References2

OSV•added 2026/03/26 5:26 p.m.•1 views

CVE-2026-33495 Ory Oathkeeper has an authentication bypass by usage of untrusted header

6.5CVSS6.3AI score0.00233EPSS

Exploits0References4

Cvelist•added 2026/03/26 5:23 p.m.•23 views

CVE-2026-33494 Ory Oathkeeper has a path traversal authorization bypass

10CVSS0.00519EPSS

Exploits0References2

Vulnrichment•added 2026/03/26 5:23 p.m.•2 views

CVE-2026-33494 Ory Oathkeeper has a path traversal authorization bypass

10CVSS5.9AI score0.00519EPSS

Exploits0References2

ATTACKERKB•added 2026/03/26 5:23 p.m.•5 views

CVE-2026-33494

10CVSS5.8AI score0.00519EPSS

Exploits0References3Affected Software1

CVE•added 2026/03/26 5:23 p.m.•12 views

CVE-2026-33494

ORY Oathkeeper (IAP/Access Control Decision API) versions before 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL with path traversal sequences (for example /public/../admin/secrets) that normalizes to a protected path but is evaluated against ...

10CVSS5.8AI score0.00519EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by