Lucene search
+L

346 matches found

redhatcve
redhatcve
added 2026/03/28 4:56 a.m.4 views

CVE-2026-33729

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache...

5.8CVSS5.9AI score0.00241EPSS
Exploits0References1
susecve
susecve
added 2026/03/28 12:24 a.m.8 views

SUSE CVE-2026-33729

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache...

9.8CVSS5.9AI score0.00241EPSS
Exploits0References3
snyk
snyk
added 2026/03/27 1:21 a.m.3 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation. An attacker can gain unauthorized access to resources by sending specially crafted requests that result in cache key collisions, causing the system to reuse cached authorization results for different requests...

9.8CVSS5.9AI score0.00241EPSS
Exploits0References2
nvd
nvd
added 2026/03/27 1:16 a.m.7 views

CVE-2026-33729

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache...

9.8CVSS0.00241EPSS
Exploits0References3
cvelist
cvelist
added 2026/03/27 12:27 a.m.28 views

CVE-2026-33729 OpenFGA has an Authorization Bypass through cached keys

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache...

5.8CVSS0.00241EPSS
Exploits0References3
cve
cve
added 2026/03/27 12:27 a.m.35 views

CVE-2026-33729

OpenFGA (authority: CVE-2026-33729) fixes a cache-key collision bug in versions before 1.13.1. When models use conditions with caching enabled, two different check requests can generate the same cache key, causing a cached result to be reused for a different request. The issue affects models with...

9.8CVSS5.8AI score0.00241EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2026/03/27 12:27 a.m.2 views

CVE-2026-33729 OpenFGA has an Authorization Bypass through cached keys

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache...

5.8CVSS5.9AI score0.00241EPSS
Exploits0References3
osv
osv
added 2026/03/27 12:27 a.m.6 views

CVE-2026-33729 OpenFGA has an Authorization Bypass through cached keys

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache...

5.8CVSS6.4AI score0.00241EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/03/27 12:0 a.m.8 views

OpenFGA 安全漏洞

OpenFGA is an open-source authorization/licensing engine built for developers, inspired by Google Zanzibar. Versions of OpenFGA prior to 1.13.1 contained a security vulnerability. This vulnerability arises from models that enable caching, which may generate the same cache keys under certain...

9.8CVSS6.4AI score0.00241EPSS
Exploits0References3
osv
osv
added 2026/03/26 8:33 p.m.4 views

GO-2026-4857 OpenFGA has an Authorization Bypass through cached keys in github.com/openfga/openfga

OpenFGA has an Authorization Bypass through cached keys in github.com/openfga/openfga...

9.8CVSS5.9AI score0.00241EPSS
Exploits0References3
osv
osv
added 2026/03/26 5:21 p.m.1 views

GHSA-H6C8-CWW8-35HF OpenFGA has an Authorization Bypass through cached keys

Description In OpenFGA, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache key. This can result in OpenFGA reusing an earlier cached result for a different request. Am I Affected? Users are affected if the...

5.8CVSS5.9AI score0.00241EPSS
Exploits0References5
euvd
euvd
added 2026/03/26 5:21 p.m.4 views

EUVD-2026-16507

OpenFGA has an Authorization Bypass through cached keys...

5.8CVSS5.8AI score0.00241EPSS
Exploits0References3
github
github
added 2026/03/26 5:21 p.m.7 views

OpenFGA has an Authorization Bypass through cached keys

Description In OpenFGA, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache key. This can result in OpenFGA reusing an earlier cached result for a different request. Am I Affected? Users are affected if the...

9.8CVSS5.8AI score0.00241EPSS
Exploits0References5Affected Software1
ptsecurity
ptsecurity
added 2026/03/26 12:0 a.m.5 views

PT-2026-28515

Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.13.1 Description OpenFGA is a high-performance and flexible authorization/permission engine. Under specific conditions, models using conditions with caching enabled can result in two different check requests produci...

5.8CVSS5.9AI score0.00241EPSS
Exploits0References9
susecve
susecve
added 2026/03/04 12:27 a.m.5 views

SUSE CVE-2026-24851

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 openfga-0.2.22= Helm chart = openfga-0.2.51, v.1.8.5 = docker = v.1.11.2 are vulnerable to improper policy enforcement when certain Check call...

8.8CVSS5.8AI score0.00308EPSS
Exploits0References3
cgr
cgr
added 2026/02/20 1:17 a.m.22 views

GHSA-FW7P-63QQ-7HPR vulnerabilities

Vulnerabilities for packages: ratify-fips, aactl, seaweedfs, timestamp-authority, loki-fips, dex-fips, temporal, flux-kustomize-controller, mariadb-operator-fips, kots, nri-mysql-fips, rke2-runtime, timestamp-authority-fips, spire-server, db-operator, witness, fulcio-fips, vault-fips, trufflehog,...

6.1AI score
Exploits0
wolfi
wolfi
added 2026/02/19 7:48 p.m.6 views

GHSA-FW7P-63QQ-7HPR vulnerabilities

Vulnerabilities for packages: apko, minio, dex, temporal, aactl, db-operator, ksops, mariadb-operator, seaweedfs, sftpgo-plugin-eventstore, envoy-gateway, splunk-otel-collector, amass, gitea, argo-workflows, nuclei, juicefs, openbao, kyverno-policy-reporter, telegraf, cerbos, trillian,...

6.1AI score
Exploits0
osv
osv
added 2026/02/17 6:9 p.m.6 views

GO-2026-4446 OpenFGA Improper Policy Enforcement in github.com/openfga/openfga

OpenFGA Improper Policy Enforcement in github.com/openfga/openfga...

8.8CVSS5.4AI score0.00308EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/02/07 7:31 p.m.6 views

CVE-2026-24851

An access control flaw has been discovered in OpenFGA. The vulnerability requires a model that has a a relation directly assignable by a type bound public access and assignable by type bound non-public access, a tuple assigned for the relation that is a type bound public access, a tuple assigned...

8.8CVSS5.6AI score0.00308EPSS
Exploits0References5
nvd
nvd
added 2026/02/06 6:15 p.m.12 views

CVE-2026-24851

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 openfga-0.2.22= Helm chart = openfga-0.2.51, v.1.8.5 = docker = v.1.11.2 are vulnerable to improper policy enforcement when certain Check call...

8.8CVSS0.00308EPSS
Exploits0References2
Rows per page
Query Builder