CVE-2026-40575 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: April 22, 2026
OAuth2 Proxy - Authentication Bypass
Published: April 22, 2026Updated: April 22, 2026Remote Exploitable
Overview
OAuth2 Proxy 7.5.0 through 7.15.1 contains an authentication bypass caused by trusting client-supplied X-Forwarded-Uri header when --reverse-proxy and skip-auth rules are enabled, letting unauthenticated remote attackers access protected routes, exploit requires specific proxy and skip-auth configuration.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Unauthenticated remote attackers can bypass authentication and access protected routes without a valid session.
Mitigation
Upgrade to version 7.15.2 or later; alternatively, strip or overwrite X-Forwarded-Uri headers and restrict direct client access.
Related Resources
Details
- CVE ID
- CVE-2026-40575
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- broken_authentication
- Status
- new
CWE
- CWE-290
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N