18 matches found
CVE-2026-41059
A flaw was found in OAuth2 Proxy. An unauthenticated attacker can exploit a configuration-dependent authentication bypass by sending a crafted request containing a number sign in the path. This allows the OAuth2 Proxy to incorrectly match a public allowlist rule, leading to the exposure of...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the processing of request paths containing a number sign or its encoded form %23 when using skipauthroutes or skipauthregex settings. An attacker can gain unauthorized access t...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the processing of request paths containing a number sign or its encoded form %23 when using skipauthroutes or skipauthregex settings. An attacker can gain unauthorized access t...
CVE-2026-41059
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...
EUVD-2026-24559
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...
CVE-2026-41059 OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex; use of patterns...
CVE-2026-41059
The CVE concerns OAuth2 Proxy (versions 7.5.0–7.15.1) where a configuration-driven authentication bypass can occur due to patterns in skip_auth_routes or legacy skip_auth_regex. Attacks are possible when attacker-controlled suffixes widen patterns (for example, ^/foo/.*/bar$) so that a # in the p...
PT-2026-34215
Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions 7.5.0 through 7.15.1 Description A configuration-dependent authentication bypass exists when the software is deployed using skip auth routes or the legacy skip auth regex with patterns that can be widened by...
GHSA-PXQ7-H93F-9JRG OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex
Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex Use of patterns that can be widened by attacker-controlled suffixes, such as ^/foo/./bar$ causing potential...
OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex
Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: Use of skipauthroutes or the legacy skipauthregex Use of patterns that can be widened by attacker-controlled suffixes, such as ^/foo/./bar$ causing potential...
GHSA-7X63-XV5R-3P2X OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing
Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: OAuth2 Proxy is configured with --reverse-proxy and at least one rule is defined with --skipauthroutes or the legacy --skip-auth-regex OAuth2 Proxy may trust...
GHSA-VPGC-2F6G-7W7X n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK
Impact When the N8NSKIPAUTHONOAUTHCALLBACK environment variable is set to true, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a victim into completing an OAuth flow against a credential object the attacker controls, causing...
Authentication Bypass
github.com/oauth2-proxy/oauth2-proxy is vulnerable to Authentication Bypass. The vulnerability is due to the skipauthroutes configuration option matching against the full request URI, including query parameters, when using overly permissive regex patterns, which allows an attacker to craft URLs...
GO-2025-3833 OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion in github.com/oauth2-proxy/oauth2-proxy
OAuth2-Proxy has authentication bypass in oauth2-proxy skipauthroutes due to Query Parameter inclusion in github.com/oauth2-proxy/oauth2-proxy...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation due to using the skipauthroutes configuration option with regex patterns. An attacker can gain unauthorized access to protected resources by crafting URLs with query parameters that match overly broad or improperly...
OAuth2-Proxy 安全漏洞
oauth2-proxy is a reverse proxy software from the OAuth2 Proxy open source. A security vulnerability exists in OAuth2-Proxy version 7.10.0 and earlier, which stems from the possibility of bypassing authentication when the skipauthroutes configuration option uses regular expressions...