Improper Policy Enforcement

github.com/openfga/openfga is vulnerable to improper policy enforcement. The vulnerability is due to inadequate validation during certain Check and ListObject calls, which allows an attacker to bypass authorization controls and gain unauthorized access to resources...

CVE-2026-24851

An access control flaw has been discovered in OpenFGA. The vulnerability requires a model that has a a relation directly assignable by a type bound public access and assignable by type bound non-public access, a tuple assigned for the relation that is a type bound public access, a tuple assigned...

CVE-2026-24851

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 openfga-0.2.22= Helm chart = openfga-0.2.51, v.1.8.5 = docker = v.1.11.2 are vulnerable to improper policy enforcement when certain Check call...

CVE-2026-24851

CVE-2026-24851 technical details are not publicly available in the provided documents. Monitor for updates.

CVE-2026-24851 OpenFGA Improper Policy Enforcement

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 openfga-0.2.22= Helm chart = openfga-0.2.51, v.1.8.5 = docker = v.1.11.2 are vulnerable to improper policy enforcement when certain Check call...

CVE-2026-24851 OpenFGA Improper Policy Enforcement

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 openfga-0.2.22= Helm chart = openfga-0.2.51, v.1.8.5 = docker = v.1.11.2 are vulnerable to improper policy enforcement when certain Check call...

EUVD-2026-5633

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 openfga-0.2.22= Helm chart = openfga-0.2.51, v.1.8.5 = docker = v.1.11.2 are vulnerable to improper policy enforcement when certain Check call...

OpenFGA Improper Policy Enforcement

Impact OpenFGA v1.8.5 to v1.11.2 openfga-0.2.22 = Helm chart = openfga-0.2.51, v.1.8.5 = docker = v.1.11.2 are vulnerable to improper policy enforcement when certain Check calls are executed. Affected Users Users are affected by this vulnerability if all of the following preconditions are met: -...

PT-2026-6646

Name of the Vulnerable Software and Affected Versions OpenFGA versions 1.8.5 through 1.11.2 Description OpenFGA is an authorization/permission engine. Versions 1.8.5 through 1.11.2 are susceptible to improper policy enforcement during specific Check calls. This occurs when a model includes a...

CVE-2025-64751

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 openfga-0.1.34 = Helm chart = openfga-0.2.48, v.1.4.0 = docker = v.1.11.0 are vulnerable to improper policy enforcement when certain Check and...

CVE-2025-64751 OpenFGA Improper Policy Enforcement

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 openfga-0.1.34 = Helm chart = openfga-0.2.48, v.1.4.0 = docker = v.1.11.0 are vulnerable to improper policy enforcement when certain Check and...

CVE-2025-64751 OpenFGA Improper Policy Enforcement

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 openfga-0.1.34 = Helm chart = openfga-0.2.48, v.1.4.0 = docker = v.1.11.0 are vulnerable to improper policy enforcement when certain Check and...

CVE-2025-64751

CVE-2025-64751 affects OpenFGA v1.4.0–v1.11.0 (openfga-0.1.34–0.2.48 Helm; v1.4.0–v1.11.0 Docker). It is due to improper policy enforcement when certain Check and ListObject calls are executed, with patches available in v1.11.1. Impact is described as high in CVSS metrics (base score 8.8; confide...

CVE-2025-64751 OpenFGA Improper Policy Enforcement

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 openfga-0.1.34 = Helm chart = openfga-0.2.48, v.1.4.0 = docker = v.1.11.0 are vulnerable to improper policy enforcement when certain Check and...

OpenFGA Improper Policy Enforcement

Overview OpenFGA v1.4.0 to v1.11.0 openfga-0.1.34 = Helm chart = openfga-0.2.48, v.1.4.0 = docker = v.1.11.0 are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. Am I Affected? You are affected by this vulnerability if you meet the following...

GHSA-2C64-VMV2-HGFC OpenFGA Improper Policy Enforcement

Overview OpenFGA v1.4.0 to v1.11.0 openfga-0.1.34 = Helm chart = openfga-0.2.48, v.1.4.0 = docker = v.1.11.0 are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. Am I Affected? You are affected by this vulnerability if you meet the following...

PT-2025-47655

Name of the Vulnerable Software and Affected Versions OpenFGA versions 1.4.0 through 1.11.0 Description OpenFGA is an authorization/permission engine. Versions 1.4.0 through 1.11.0 are subject to improper policy enforcement during specific Check and ListObject calls. Recommendations Update to...

Authorization Bypass

github.com/openfga/openfga is vulnerable to Authorization Bypass. The vulnerability is due to improper enforcement of access control policies during execution of Check and ListObject calls in OpenFGA, which allows an attacker to bypass intended access control and gain unauthorized permissions...

PT-2025-33691 · Openfga · Openfga

Name of the Vulnerable Software and Affected Versions: OpenFGA versions 1.9.3 through 1.9.4 Description: OpenFGA is an authorization/permission engine. Versions 1.9.3 through 1.9.4 are susceptible to improper policy enforcement during specific Check and ListObject calls. Recommendations: Upgrade ...

SUSE CVE-2025-46331

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 Helm chart = openfga-0.2.28, docker = v.1.8.10 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Th...