Platform
go
Component
nginx
Fixed in
7.5.1
7.15.2
7.15.3
CVE-2026-40575 describes a critical authentication bypass in OAuth2 Proxy (oauth2-proxy), commonly deployed in front of Nginx-protected applications. The flaw lets an attacker bypass authentication checks by supplying their own X-Forwarded-Uri header. It affects versions from 7.5.0 up to the fix, which shipped in 7.15.2.
The impact of CVE-2026-40575 is significant. An attacker who exploits it can reach protected resources behind OAuth2 Proxy without authenticating, which can lead to data exposure, privilege escalation, and compromise of the backend systems the proxy was meant to guard. The vulnerability is configuration-dependent: it requires --reverse-proxy together with either --skip-auth-route (the skip_auth_routes option) or the legacy --skip-auth-regex. In reverse-proxy mode OAuth2 Proxy takes the request path used for its skip-auth decision from X-Forwarded-Uri, so a client that can set that header to a path matching a skip-auth rule is treated as if it had requested the unauthenticated route, while the real request goes to a protected one. It is the familiar failure of trusting a header that only an upstream proxy should ever set, without ensuring the client cannot supply it.
CVE-2026-40575 was publicly disclosed on 2026-04-22. Its severity is rated CRITICAL (CVSS 9.1). There is currently no indication of active exploitation in the wild, but the low effort required and the potential impact warrant immediate attention. The vulnerability is not listed in the CISA KEV catalog at the time of writing. Public proof-of-concept code is not yet available, but the nature of the flaw (a single crafted header) means it is trivial to demonstrate.
Organizations running OAuth2 Proxy in reverse-proxy mode with skip-auth rules are at significant risk. This includes environments using OAuth2 Proxy to protect APIs or internal applications behind Nginx. Shared or multi-tenant environments in which individual users configure their own OAuth2 Proxy instances are particularly exposed, because a single permissive skip-auth rule anywhere in the deployment is enough.
• linux / server: search the OAuth2 Proxy service log for the header (this only finds anything if your request-logging format includes it):
journalctl -u oauth2-proxy | grep -i "X-Forwarded-Uri"
• generic web: request a protected path while supplying a spoofed X-Forwarded-Uri that names one of your own skip-auth routes; a vulnerable instance answers as if the skip rule applied, whereas a fixed or correctly fronted instance still demands authentication (a 401, or a redirect to the sign-in page):
curl -s -o /dev/null -w '%{http_code}\n' -H 'X-Forwarded-Uri: <skip-auth-route>' https://<target>/<protected-path>
• generic web: inspect the edge proxy's access logs for requests that carry X-Forwarded-Uri at all. Ordinary clients never send this header, so any client-supplied value is suspicious, and a value that differs from the real request path is the bypass pattern.
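The log check above, worked through as an added example in Go (the project's language); this is not code from the page or from oauth2-proxy. The log format is constructed for the example: it assumes the edge proxy logs the client's real request line and, in xfu="...", the X-Forwarded-Uri header exactly as the client sent it (empty when absent). The two skip-auth patterns are hypothetical stand-ins for a --skip-auth-route configuration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// SampleLog holds constructed edge-proxy access-log lines for this example.
// Format (hypothetical): <client> "<method> <request_uri>" <status> xfu="<X-Forwarded-Uri as sent by the client>"
const SampleLog = `203.0.113.7 "GET /app/dashboard" 302 xfu=""
203.0.113.7 "GET /healthz" 200 xfu=""
198.51.100.23 "GET /admin/users" 200 xfu="/healthz"
198.51.100.23 "POST /api/v1/export" 200 xfu="/static/logo.png"
203.0.113.9 "GET /api/v1/me" 200 xfu="/api/v1/me"`

var lineRe = regexp.MustCompile(`^(\S+) "([A-Z]+) ([^"]+)" (\d{3}) xfu="([^"]*)"$`)

// Hypothetical skip-auth rules, standing in for --skip-auth-route "^/healthz$" and "^/static/".
var skipAuthRoutes = []*regexp.Regexp{
	regexp.MustCompile(`^/healthz$`),
	regexp.MustCompile(`^/static/`),
}

const (
	ReasonClientSuppliedHeader = "client supplied X-Forwarded-Uri"
	ReasonHeaderDiffers        = "X-Forwarded-Uri differs from real request path"
	ReasonSkipRouteSpoof       = "X-Forwarded-Uri names a skip-auth route while the real path is protected"
)

// Finding is one suspicious request pulled from the log.
type Finding struct {
	Client, Method, RequestURI, ForwardedURI, Status, Reason string
}

func matchesSkipRoute(path string) bool {
	for _, re := range skipAuthRoutes {
		if re.MatchString(path) {
			return true
		}
	}
	return false
}

// ScanLog returns every request that carried a client-supplied X-Forwarded-Uri,
// ranking the reason: a header pointing at a skip-auth route while the real
// path is protected is the bypass pattern; any other mismatch is still worth a look.
func ScanLog(log string) []Finding {
	var out []Finding
	for _, line := range strings.Split(log, "\n") {
		m := lineRe.FindStringSubmatch(strings.TrimSpace(line))
		if m == nil {
			continue // unparseable line; a real tool would count these
		}
		client, method, uri, status, xfu := m[1], m[2], m[3], m[4], m[5]
		if xfu == "" {
			continue // no client-supplied header: normal traffic
		}
		reason := ReasonClientSuppliedHeader
		switch {
		case xfu != uri && matchesSkipRoute(xfu) && !matchesSkipRoute(uri):
			reason = ReasonSkipRouteSpoof
		case xfu != uri:
			reason = ReasonHeaderDiffers
		}
		out = append(out, Finding{client, method, uri, xfu, status, reason})
	}
	return out
}

func main() {
	for _, f := range ScanLog(SampleLog) {
		fmt.Printf("%s %s %s (status %s) xfu=%q: %s\n",
			f.Client, f.Method, f.RequestURI, f.Status, f.ForwardedURI, f.Reason)
	}
}
```

Run against the constructed log this flags three requests: the two from 198.51.100.23 as the bypass pattern (a protected path with the header pointing at /healthz and at /static/...), and the /api/v1/me request merely because a client supplied the header at all. Adapt the regular expression and the skip-auth patterns to your own log format and configuration.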
Disclosure
Exploit status
EPSS
0.11% (29th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-40575 is to upgrade OAuth2 Proxy to version 7.15.2 or later, which contains the fix. If an immediate upgrade is not possible, disable --reverse-proxy where it is not essential, or remove the skip-auth rules (--skip-auth-route / --skip-auth-regex) that the bypass relies on. Otherwise make sure the header can never be chosen by the client: have the reverse proxy or load balancer in front of OAuth2 Proxy drop any incoming X-Forwarded-Uri and set it from the real request URI on every forwarded request, and never expose OAuth2 Proxy directly to clients while --reverse-proxy is on. Monitor access logs for requests that carry a client-supplied X-Forwarded-Uri. After upgrading, confirm the fix by requesting a protected route with a crafted X-Forwarded-Uri that names a skip-auth route and verifying that authentication is still enforced.
To mitigate this issue, update to OAuth2 Proxy version 7.15.2 or later. Alternatively, strip the client-supplied `X-Forwarded-Uri` header at the reverse proxy or load balancer, or overwrite it with the actual request URI before forwarding the request to OAuth2 Proxy.
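To make the mechanism and the header-pinning mitigation concrete, here is an added example in Go (the project's language). It is a small model written for this page, not oauth2-proxy's own code: pathForAuthDecision reproduces the behaviour the advisory describes (in reverse-proxy mode the skip-auth decision is made on X-Forwarded-Uri when present), and pinForwardedURI is the edge-side fix of overwriting the header with the real request URI. The skip-auth rule `^/healthz$` and the protected path /admin/users are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
)

// Hypothetical skip-auth rule, standing in for --skip-auth-route "^/healthz$".
var skipAuthRoute = regexp.MustCompile(`^/healthz$`)

// pathForAuthDecision models the advisory's description: with --reverse-proxy
// enabled, the path checked against skip-auth rules comes from X-Forwarded-Uri
// when the header is present; otherwise the request's own path is used.
// This is a model for the example, not oauth2-proxy's implementation.
func pathForAuthDecision(r *http.Request, reverseProxy bool) string {
	if reverseProxy {
		if fwd := r.Header.Get("X-Forwarded-Uri"); fwd != "" {
			return fwd
		}
	}
	return r.URL.Path
}

// requiresAuth is false when the decision path matches a skip-auth rule.
func requiresAuth(r *http.Request, reverseProxy bool) bool {
	return !skipAuthRoute.MatchString(pathForAuthDecision(r, reverseProxy))
}

// pinForwardedURI is the mitigation from the text, applied at the trusted edge:
// whatever the client sent is replaced with the real request URI, so the
// header OAuth2 Proxy relies on can no longer be chosen by the attacker.
func pinForwardedURI(r *http.Request) {
	r.Header.Set("X-Forwarded-Uri", r.URL.RequestURI())
}

// spoofedRequest builds the attack: a request for a protected path carrying a
// client-chosen X-Forwarded-Uri that names the skip-auth route.
func spoofedRequest() *http.Request {
	r := httptest.NewRequest(http.MethodGet, "/admin/users", nil)
	r.Header.Set("X-Forwarded-Uri", "/healthz")
	return r
}

// VulnerableDecision: the spoofed header wins, so auth is skipped for /admin/users.
func VulnerableDecision() bool { return requiresAuth(spoofedRequest(), true) }

// HardenedDecision: the edge pins the header first, so /admin/users is what gets checked.
func HardenedDecision() bool {
	r := spoofedRequest()
	pinForwardedURI(r)
	return requiresAuth(r, true)
}

// DecisionWithoutReverseProxy shows the configuration dependence: with
// --reverse-proxy off the header is ignored and the real path is checked.
func DecisionWithoutReverseProxy() bool { return requiresAuth(spoofedRequest(), false) }

func main() {
	fmt.Println("reverse-proxy on, header trusted, auth required:", VulnerableDecision())
	fmt.Println("reverse-proxy on, header pinned at edge, auth required:", HardenedDecision())
	fmt.Println("reverse-proxy off, auth required:", DecisionWithoutReverseProxy())
}
```

The same spoofed request is the post-upgrade verification the mitigation text describes: a fixed or correctly fronted deployment must still require authentication for /admin/users no matter what X-Forwarded-Uri the client sends. In an Nginx deployment the pinning step corresponds to setting X-Forwarded-Uri from the real request URI on the auth subrequest rather than passing the client's header through.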
CVE-2026-40575 is a critical authentication bypass vulnerability in OAuth2 Proxy that lets an attacker bypass authentication by supplying a crafted X-Forwarded-Uri header. It affects versions from 7.5.0 up to the fix in 7.15.2.
You are affected if you run an OAuth2 Proxy version from 7.5.0 up to the fix in 7.15.2 with --reverse-proxy enabled together with --skip-auth-route (skip_auth_routes) or the legacy --skip-auth-regex.
Upgrade OAuth2 Proxy to version 7.15.2 or later. If an upgrade is not immediately possible, disable --reverse-proxy, remove the skip-auth rules, or have the reverse proxy in front of OAuth2 Proxy strip the client-supplied X-Forwarded-Uri and set it from the real request URI.
There is currently no indication of active exploitation in the wild, but the vulnerability requires nothing more than a crafted header, so it warrants immediate attention.
Refer to the official OAuth2 Proxy project's security advisories for the most up-to-date information: https://github.com/oauth2-proxy/oauth2-proxy/security/advisories