CVE-2026-59096 - Dapr - OIDC Discovery Issuer and JWKS URI Injection via Unvalidated X-Forwarded-Host
CVE ID :CVE-2026-59096 Published : July 2, 2026, 7:41 p.m. | 3 hours, 31 minutes ago Description :Dapr Sentry's OIDC discovery endpoint derives the issuer and jwks_uri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host...