diff --git a/changelog/unreleased/kong/fix-clustering-forward-proxy-authentication.yml b/changelog/unreleased/kong/fix-clustering-forward-proxy-authentication.yml
new file mode 100644
index 000000000000..e819b5a9558a
--- /dev/null
+++ b/changelog/unreleased/kong/fix-clustering-forward-proxy-authentication.yml
@@ -0,0 +1,3 @@
+message: Fixed an issue where hybrid mode not working if the forward proxy password contains special character(#). Note that the `proxy_server` configuration parameter still needs to be url-encoded.
+type: bugfix
+scope: Clustering
diff --git a/kong/clustering/utils.lua b/kong/clustering/utils.lua
index 1f3bdc2db621..4f7ef8c2718c 100644
--- a/kong/clustering/utils.lua
+++ b/kong/clustering/utils.lua
@@ -9,6 +9,7 @@ local type = type
 local table_insert = table.insert
 local table_concat = table.concat
 local encode_base64 = ngx.encode_base64
+local unescape_uri = ngx.unescape_uri
 local worker_id = ngx.worker.id
 local fmt = string.format
 
@@ -50,7 +51,7 @@ local function parse_proxy_url(proxy_server)
     end
 
     if parsed.user and parsed.password then
-      ret.proxy_authorization = "Basic " .. encode_base64(parsed.user  .. ":" .. parsed.password)
+      ret.proxy_authorization = "Basic " .. encode_base64(unescape_uri(parsed.user)  .. ":" .. unescape_uri(parsed.password))
     end
   end