Vulnerabilities3 min read
OAuth2 Proxy Auth Bypass Lets Attackers Access Protected Routes
CVE-2026-40575 (CVSS 9.1) allows unauthenticated attackers to bypass OAuth2 Proxy authentication via X-Forwarded-Uri header spoofing. Patch to v7.15.2 immediately.
Marcus ChenApr 22, 2026