4 matches found
CVE-2021-32701
ORY Oathkeeper’s CVE-2021-32701 describes an issue in the oauth2_introspection cache where a second request for a different scope (bar) could be treated as valid even if the new scope wasn’t granted, due to the cache not validating scopes beyond expiration. The root cause is that tokenFromCache i...
CVE-2026-33495
CVE-2026-33495 affects ORY Oathkeeper. Prior to version 26.2.0, Oathkeeper could incorrectly trust the X-Forwarded-* headers when evaluating access rules, due to the serve.proxy.trust_forwarded_headers setting being ignored. This could allow an attacker with distinct HTTP/HTTPS rules to trigger t...
CVE-2026-33496
Overview: CVE-2026-33496 affects ORY Oathkeeper (Identity & Access Proxy) prior to version 26.2.0, where the oauth2_introspection authenticator cache fails to distinguish tokens across different introspection URLs, enabling authentication bypass via cache key confusion. Impact (as described): An ...
CVE-2026-33494
ORY Oathkeeper (IAP/Access Control Decision API) versions before 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL with path traversal sequences (for example /public/../admin/secrets) that normalizes to a protected path but is evaluated against ...