OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication…

Published: 21 April 2026 at 22:00:00

Alert date: 22 April 2026 at 22:11:22

Source: nvd.nist.gov

Identity & Access, Web Technologies

OAuth2 Proxy versions 7.5.0 through 7.15.1 contain a configuration-dependent authentication bypass vulnerability. Affected deployments use skip_auth_routes or skip_auth_regex with broad wildcard patterns that can be exploited by attackers using fragment delimiters (#) or URL-encoded forms (%23) in request paths. Unauthenticated attackers can bypass authentication controls to access protected resources. The vulnerability requires specific configuration conditions to be exploitable. Fixed in version 7.15.2 with improved path normalization. Deployments using exact path matching or not using skip-auth options are not affected.
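A configuration audit for the condition described above, as an added example that is not part of the advisory or of the OAuth2 Proxy project. It assumes skip-auth entries are written as a bare regex or as `METHOD=regex` / `METHOD!=regex`, and it treats only a fully anchored literal path as "exact"; the sample entries are constructed.

```python
import re

# Affected range as stated in the advisory; 7.15.2 carries the fix.
AFFECTED_MIN, AFFECTED_MAX = (7, 5, 0), (7, 15, 1)

def parse_version(text):
    """'v7.15.1' -> (7, 15, 1)"""
    return tuple(int(part) for part in text.lstrip("v").split(".")[:3])

def split_route(entry):
    """Drop an optional 'METHOD=' / 'METHOD!=' prefix and return the path regex."""
    match = re.match(r"^[A-Z]+!?=(.*)$", entry)
    return match.group(1) if match else entry

def is_exact(regex):
    """True only for '^' + literal path + '$' (heuristic definition of exact matching)."""
    if not (regex.startswith("^") and regex.endswith("$")) or regex.endswith("\\$"):
        return False
    # Escaped punctuation such as '\.' is a literal; '\d', '\w' etc. are classes and stay.
    body = re.sub(r"\\[^A-Za-z0-9]", "", regex[1:-1])
    # Any remaining metacharacter means the pattern can match more than one path.
    return not re.search(r"[.*+?\[\](){}|^$\\]", body)

def audit(version, entries):
    """Return skip-auth entries needing review; [] if the version is outside the range."""
    if not (AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX):
        return []
    return [entry for entry in entries if not is_exact(split_route(entry))]

# Constructed sample values for skip_auth_routes / skip_auth_regex.
SAMPLE = [
    "GET=^/healthz$",          # exact
    "^/public/.*",             # wildcard, no end anchor
    "POST!=^/api/v1/status$",  # exact path, negated method
    "/static/",                # unanchored, matches anywhere in the path
    "^/metrics\\.json$",       # exact, escaped dot
]

if __name__ == "__main__":
    for entry in audit("7.14.0", SAMPLE):
        print("review:", entry)
```

Entries the script flags are candidates for tightening to exact paths; upgrading to 7.15.2 is the fix the advisory names.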

Affected products: OAuth2 Proxy

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.