VYPR

Oathkeeper

by Ory

Source repositories

CVEs (4)

  • CVE-2026-33494CriMar 26, 2026
    risk 0.58cvss 10.0epss 0.01

    ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path…

  • CVE-2026-33496HigMar 26, 2026
    risk 0.46cvss 8.1epss 0.00

    ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The `oauth2_introspection` authenticator…

  • CVE-2026-33495MedMar 26, 2026
    risk 0.35cvss 6.5epss 0.00

    ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component…

  • CVE-2021-32701Jun 22, 2021
    risk 0.00cvss epss 0.01

    ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope `foo` using an access token granted with that `foo` scope, introspection…