Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

oauth2-proxy — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting oauth2-proxy. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OAuth2-proxy serves as a reverse proxy and authentication gateway for OAuth 2.0, enabling secure access control for web applications and services. Historically, it has been susceptible to multiple vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with nine CVEs documented to date. Notable security characteristics include its role in managing authentication flows and protecting endpoints, though past incidents have revealed flaws in session handling and input validation that could allow unauthorized access or bypass security controls. The project's security posture has evolved through patches, but its complexity in handling authentication tokens and headers remains a potential attack surface requiring careful configuration and monitoring.

Top products by oauth2-proxy: oauth2-proxy
CVE IDTitleCVSSSeverityPublished
CVE-2026-40575 OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing — oauth2-proxyCWE-290 9.1 Critical2026-04-21
CVE-2026-41059 OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex — oauth2-proxyCWE-288 8.2 High2026-04-21
CVE-2026-40574 OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims — oauth2-proxyCWE-863 6.8 Medium2026-04-21
CVE-2026-34457 OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode — oauth2-proxyCWE-290 9.1 Critical2026-04-14
CVE-2026-34454 OAuth2 Proxy: Session cookie not cleared when rendering sign-in page — oauth2-proxyCWE-613 3.5 Low2026-04-14
CVE-2025-64484 OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation — oauth2-proxyCWE-644 8.5 High2025-11-10
CVE-2025-54576 OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion — oauth2-proxyCWE-290 9.1 Critical2025-07-30
CVE-2021-21411 Incorrect authorization in OAuth2-Proxy — oauth2-proxyCWE-863 5.5 Medium2021-03-26
CVE-2021-21291 Subdomain checking of whitelisted domains could allow unintended redirects — oauth2-proxyCWE-601 4.7 Medium2021-02-02

This page lists every published CVE security advisory associated with oauth2-proxy. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.