2460160 – (CVE-2026-40574) CVE-2026-40574 github.com/oauth2-proxy/oauth2-proxy: OAuth2 Proxy: Authorization Bypass via malicious email claim

Bug 2460160 (CVE-2026-40574) - CVE-2026-40574 github.com/oauth2-proxy/oauth2-proxy: OAuth2 Proxy: Authorization Bypass via malicious email claim

Summary: CVE-2026-40574 github.com/oauth2-proxy/oauth2-proxy: OAuth2 Proxy: Authorizat...

Keywords:
Status:	NEW
Alias:	CVE-2026-40574
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-21 17:01 UTC by OSIDB Bzimport
Modified:	2026-04-23 22:44 UTC (History)
CC List:	16 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-21 17:01:40 UTC

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the email_domain enforcement option. An attacker may be able to authenticate with an email claim such as attacker@company.com and satisfy an allowed domain check for company.com, even though the claim is not a valid email address. The issue ONLY affects deployments that rely on email_domain restrictions and accept email claim values from identity providers or claim mappings that do not strictly enforce normal email syntax. This vulnerability is fixed in 7.15.2.

Note You need to log in before you can comment on or make changes to this bug.