CVE-2026-33495 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-33495 PUBLISHED CVSS 6.5 MEDIUM

Ory Oathkeeper has an authentication bypass by usage of untrusted header

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
ory	oathkeeper	< 26.2.0, < 26.2.0, < 26.2.0
github.com	ory/oathkeeper	0, 0, 0

Timeline

Mar 20, 2026 CVE Published
Mar 22, 2026 Security Advisory
Mar 27, 2026 CVE Updated

References

Open in Interactive Console →