CVE-2026-40575 — Authentication Bypass by Spoofing in oauth2-proxy v7
Severity: CRITICAL (no CVSS vector given)
EPSS: No EPSS data
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: (none listed)
Timeline: Published Apr 15
Description
OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing
### Impact
A configuration-dependent authentication bypass exists in OAuth2 Proxy.
Deployments are affected when all of the following are true:
* OAuth2 Proxy is configured with `--reverse-proxy`
* and at least one rule is defined with `--skip-auth-routes` or the legacy `--skip-auth-regex`
OAuth2 Proxy may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabled and `--skip-auth-routes` or…
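The program below is an added example, not oauth2-proxy's own code. It models the behaviour the advisory describes: in reverse-proxy mode the skip-auth route match is evaluated against a client-controlled `X-Forwarded-Uri`, while the upstream still receives the real request path, so a request for a protected path can ride through on a header that names a skipped path. A hardened variant that always matches on the real request URI is shown beside it; that is one possible fix, and the project's actual patch is not shown on this page. The `METHOD=regex` rule syntax, the `_oauth2_proxy` cookie name, and all function and handler names are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strings"
)

// skipRule is one --skip-auth-routes entry: an optional HTTP method and a path regex.
type skipRule struct {
	method string // "" matches any method
	path   *regexp.Regexp
}

// compileSkipRules accepts "METHOD=regex" or "regex" entries. The exact
// parsing done by oauth2-proxy is not reproduced here; this format is assumed.
func compileSkipRules(entries []string) ([]skipRule, error) {
	rules := make([]skipRule, 0, len(entries))
	for _, e := range entries {
		method, pattern := "", e
		if i := strings.Index(e, "="); i >= 0 {
			method, pattern = strings.ToUpper(e[:i]), e[i+1:]
		}
		re, err := regexp.Compile(pattern)
		if err != nil {
			return nil, fmt.Errorf("skip rule %q: %w", e, err)
		}
		rules = append(rules, skipRule{method: method, path: re})
	}
	return rules, nil
}

// requestURI returns the URI the skip-auth check is evaluated against.
// Vulnerable behaviour (hardened == false): with reverse-proxy mode on, a
// client-supplied X-Forwarded-Uri replaces the real request URI.
// Hardened behaviour: the real request URI is always used.
func requestURI(r *http.Request, reverseProxy, hardened bool) string {
	if fwd := r.Header.Get("X-Forwarded-Uri"); !hardened && reverseProxy && fwd != "" {
		return fwd
	}
	return r.URL.RequestURI()
}

// skipsAuth reports whether any rule matches the method and URI.
func skipsAuth(rules []skipRule, method, uri string) bool {
	for _, rule := range rules {
		if (rule.method == "" || rule.method == method) && rule.path.MatchString(uri) {
			return true
		}
	}
	return false
}

// authProxy is a stand-in front door: a request reaches upstream if it matches
// a skip rule or carries a session cookie (a placeholder for the real session
// check); otherwise it gets 401. Upstream always receives the real r.URL.Path.
func authProxy(rules []skipRule, reverseProxy, hardened bool, upstream http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if skipsAuth(rules, r.Method, requestURI(r, reverseProxy, hardened)) {
			upstream.ServeHTTP(w, r)
			return
		}
		if _, err := r.Cookie("_oauth2_proxy"); err == nil {
			upstream.ServeHTTP(w, r)
			return
		}
		http.Error(w, "unauthorized", http.StatusUnauthorized)
	})
}

// upstream echoes the path it actually served, which exposes the mismatch
// between the matched header value and the resource reached.
var upstream = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "upstream served %s", r.URL.Path)
})

// probe sends one constructed request through the handler and returns the
// status code and trimmed body.
func probe(h http.Handler, method, path, forwardedURI string) (int, string) {
	req := httptest.NewRequest(method, path, nil)
	if forwardedURI != "" {
		req.Header.Set("X-Forwarded-Uri", forwardedURI)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, strings.TrimSpace(rec.Body.String())
}

func main() {
	rules, err := compileSkipRules([]string{"^/healthz$", "GET=^/static/"})
	if err != nil {
		panic(err)
	}
	for _, v := range []struct {
		name     string
		hardened bool
	}{{"vulnerable", false}, {"hardened", true}} {
		code, body := probe(authProxy(rules, true, v.hardened, upstream), "GET", "/admin", "/healthz")
		fmt.Printf("%-10s GET /admin with X-Forwarded-Uri: /healthz -> %d %s\n", v.name, code, body)
	}
}
```

The same probe against a live deployment is a request for a path that should require a session, with `X-Forwarded-Uri` set to a path covered by a skip rule; a 200 from the upstream instead of a redirect to sign-in means the deployment is exposed. Note that the header is only honoured when `--reverse-proxy` is on, which matches the advisory's preconditions, and that a trusted reverse proxy in front of oauth2-proxy should overwrite or strip client-supplied `X-Forwarded-Uri` regardless of which oauth2-proxy version is deployed.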