PT-2026-26780 · Ory · Ory Oathkeeper

Patrik · Published 2026-03-20 · Updated 2026-03-27 · CVE-2026-33496

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Ory Oathkeeper (affected versions not specified)

Description: Ory Oathkeeper is susceptible to authentication bypass due to cache key confusion in the oauth2 introspection authenticator. The cache does not distinguish between tokens validated against different introspection URLs. An attacker holding a valid token for one introspection server can populate the cache with it and then present the same token to rules bound to a different introspection server, which then accept it from the cache. Exploitation requires multiple oauth2 introspection authenticator servers configured with caching enabled, and the attacker must possess a valid token for one of them.

Recommendations: Update to the patched version of Ory Oathkeeper. If an immediate update is not feasible, disable caching for oauth2 introspection authenticators.
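As an added illustration (not Oathkeeper's own code), a minimal Go model of the cache-key choice the description refers to: VulnerableKey keys the cache on the token alone, FixedKey on the introspection URL plus the token, and CrossServerReuse replays the cross-server scenario against each. The server URLs, token values, in-memory servers and the hashing of the key are constructed assumptions for the example.

```go
package main

import "crypto/sha256"

// introspectionServer is a constructed stand-in for an OAuth2 introspection
// endpoint: it reports a token as active only if it issued that token itself.
type introspectionServer struct {
	URL    string
	active map[string]bool
}

type KeyFunc func(introspectionURL, token string) string

// VulnerableKey mirrors the confusion in the advisory: the key depends on the
// token alone, so an entry created via server A is served for server B too.
func VulnerableKey(_ string, token string) string {
	sum := sha256.Sum256([]byte(token))
	return string(sum[:])
}

// FixedKey binds the entry to the introspection URL that produced it.
func FixedKey(introspectionURL, token string) string {
	sum := sha256.Sum256([]byte(introspectionURL + "\x00" + token))
	return string(sum[:])
}

type authenticator struct {
	keyFn KeyFunc
	cache map[string]bool // cache key -> token active?
}

func (a *authenticator) authenticate(srv introspectionServer, token string) bool {
	key := a.keyFn(srv.URL, token)
	if active, hit := a.cache[key]; hit { // cache hit: srv is never consulted
		return active
	}
	active := srv.active[token]
	a.cache[key] = active
	return active
}

// CrossServerReuse replays the scenario: a token valid for server A fills the
// cache, then the same token hits a rule bound to server B. True means bypass.
func CrossServerReuse(keyFn KeyFunc) bool {
	serverA := introspectionServer{URL: "https://idp-a.example/introspect", active: map[string]bool{"tok-a": true}}
	serverB := introspectionServer{URL: "https://idp-b.example/introspect", active: map[string]bool{}}
	a := &authenticator{keyFn: keyFn, cache: map[string]bool{}}
	a.authenticate(serverA, "tok-a") // legitimate request, populates the cache
	return a.authenticate(serverB, "tok-a")
}
```

Disabling the cache, as the recommendation says, removes the shared state entirely; the fixed key shows what a correct cache has to include to stay safe with several introspection servers.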

Related Identifiers

CVE-2026-33496
GHSA-4MQ7-PVJG-XP2R
GO-2026-4799
SUSE-SU-2026:1135-1

Affected Products

Ory Oathkeeper