pkg:Go/github.com/oauth2-proxy/oauth2-proxy/v7

All known vulnerabilities

• CRITICAL9.1CVE-2026-40575OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing
  >= 7.5.0, < 7.15.2
• CRITICAL9.1CVE-2026-34457OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode
  from 0, < 7.15.2
• CRITICAL9.1OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion
  from 0, < 7.11.0
• CRITICAL9.1OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion
  from 0, < 7.11.0
• HIGH8.5OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation
  from 0, < 7.13.0
• HIGH8.5OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation
  from 0, < 7.13.0
• HIGH8.2OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex
  >= 7.5.0, < 7.15.2
• MEDIUM6.8OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims
  from 0, < 7.15.2
• MEDIUM5.5Incorrect authorization in OAuth2-Proxy
  from 0, < 7.1.0
• MEDIUM5.5Incorrect authorization in OAuth2-Proxy
  from 0, < 7.1.0
• MEDIUM5.4Subdomain checking of whitelisted domains could allow unintended redirects
  from 0, < 7.0.0
• MEDIUM5.4Subdomain checking of whitelisted domains could allow unintended redirects
  from 0, < 7.0.0
• LOW3.5OAuth2 Proxy: Session cookie not cleared when rendering sign-in page
  >= 7.11.0, < 7.15.2