Github.Com Ory Oathkeeper vulnerabilities
4 known vulnerabilities affecting github.com/ory_oathkeeper.
- Total CVEs: 4
- CISA KEV: 0
- Public exploits: 0
- Exploited in wild: 0
- Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 1
Vulnerabilities
## CVE-2026-33494 [CRITICAL] CWE-23: Ory Oathkeeper has a path traversal authorization bypass
Priority: P2 | Severity: CRITICAL | Affected versions: ≥ 0, < 0.40.10-0.20260320084758-8e0002140491 | Date: 2026-03-20
## Description
Ory Oathkeeper is vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences (e.g. `/public/../admin/secrets`) that resolves to a protected path after normalization, but is matched against a permissive rule because the raw, un-normalized path is used during rule evalu
## CVE-2026-33496 [HIGH] CWE-1289: Ory Oathkeeper has an authentication bypass by cache key confusion
Priority: P3 | Severity: HIGH | Affected versions: ≥ 0, < 0.40.10-0.20260320084801-198a2bc82a99 | Date: 2026-03-20
## Description
Ory Oathkeeper is vulnerable to authentication bypass due to cache key confusion. The `oauth2_introspection` authenticator cache does not distinguish tokens that were validated with different introspection URLs. An attacker can therefore legitimately use a token to prime the cache, and subsequently use the same token
## CVE-2021-32701 [HIGH] CWE-863: Incorrect Authorization in ORY Oathkeeper
Priority: P3 | Severity: HIGH | Affected versions: ≥ 0.38.0-beta.2, < 0.38.12-beta.1 | Date: 2021-06-24
## Description
ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope `foo` using an access token granted with that `foo` scope, introspection will be valid and that token will be cached. The problem comes when a second request to an endpoint that
## CVE-2026-33495 [MEDIUM] CWE-862: Ory Oathkeeper has an authentication bypass by usage of untrusted header
Priority: P3 | Severity: MEDIUM | Affected versions: ≥ 0, < 0.40.10-0.20260320084810-e9acca14a04d | Date: 2026-03-20
## Description
Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component might forward the request to the Oathkeeper proxy with a different protocol (http vs. https) than the original request. In order to properly match the request against th