CVE-2026-34457

Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2

Description A configuration-dependent authentication bypass exists in deployments using auth request-style integration, such as nginx auth request. The issue occurs when either the --ping-user-agent variable is set or the --gcp-healthchecks variable is enabled. In these cases, the software treats any request containing the configured health check User-Agent value as a successful health check, regardless of the requested path. This allows an unauthenticated remote attacker to bypass authentication and access protected upstream resources.

Recommendations Update to version 7.15.2. Disable --gcp-healthchecks. Remove any configured --ping-user-agent. Ensure the reverse proxy does not forward client-controlled User-Agent headers to the OAuth2 Proxy auth subrequest. Use path-based health checks only on dedicated health check endpoints.