346 matches found
CVE-2026-33729
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache...
SUSE CVE-2026-33729
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation. An attacker can gain unauthorized access to resources by sending specially crafted requests that result in cache key collisions, causing the system to reuse cached authorization results for different requests...
CVE-2026-33729
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache...
CVE-2026-33729 OpenFGA has an Authorization Bypass through cached keys
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache...
CVE-2026-33729
OpenFGA (authority: CVE-2026-33729) fixes a cache-key collision bug in versions before 1.13.1. When models use conditions with caching enabled, two different check requests can generate the same cache key, causing a cached result to be reused for a different request. The issue affects models with...
CVE-2026-33729 OpenFGA has an Authorization Bypass through cached keys
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache...
CVE-2026-33729 OpenFGA has an Authorization Bypass through cached keys
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache...
OpenFGA 安全漏洞
OpenFGA is an open-source authorization/licensing engine built for developers, inspired by Google Zanzibar. Versions of OpenFGA prior to 1.13.1 contained a security vulnerability. This vulnerability arises from models that enable caching, which may generate the same cache keys under certain...
GO-2026-4857 OpenFGA has an Authorization Bypass through cached keys in github.com/openfga/openfga
OpenFGA has an Authorization Bypass through cached keys in github.com/openfga/openfga...
GHSA-H6C8-CWW8-35HF OpenFGA has an Authorization Bypass through cached keys
Description In OpenFGA, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache key. This can result in OpenFGA reusing an earlier cached result for a different request. Am I Affected? Users are affected if the...
EUVD-2026-16507
OpenFGA has an Authorization Bypass through cached keys...
OpenFGA has an Authorization Bypass through cached keys
Description In OpenFGA, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache key. This can result in OpenFGA reusing an earlier cached result for a different request. Am I Affected? Users are affected if the...
PT-2026-28515
Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.13.1 Description OpenFGA is a high-performance and flexible authorization/permission engine. Under specific conditions, models using conditions with caching enabled can result in two different check requests produci...
SUSE CVE-2026-24851
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 openfga-0.2.22= Helm chart = openfga-0.2.51, v.1.8.5 = docker = v.1.11.2 are vulnerable to improper policy enforcement when certain Check call...
GHSA-FW7P-63QQ-7HPR vulnerabilities
Vulnerabilities for packages: ratify-fips, aactl, seaweedfs, timestamp-authority, loki-fips, dex-fips, temporal, flux-kustomize-controller, mariadb-operator-fips, kots, nri-mysql-fips, rke2-runtime, timestamp-authority-fips, spire-server, db-operator, witness, fulcio-fips, vault-fips, trufflehog,...
GHSA-FW7P-63QQ-7HPR vulnerabilities
Vulnerabilities for packages: apko, minio, dex, temporal, aactl, db-operator, ksops, mariadb-operator, seaweedfs, sftpgo-plugin-eventstore, envoy-gateway, splunk-otel-collector, amass, gitea, argo-workflows, nuclei, juicefs, openbao, kyverno-policy-reporter, telegraf, cerbos, trillian,...
GO-2026-4446 OpenFGA Improper Policy Enforcement in github.com/openfga/openfga
OpenFGA Improper Policy Enforcement in github.com/openfga/openfga...
CVE-2026-24851
An access control flaw has been discovered in OpenFGA. The vulnerability requires a model that has a a relation directly assignable by a type bound public access and assignable by type bound non-public access, a tuple assigned for the relation that is a type bound public access, a tuple assigned...
CVE-2026-24851
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 openfga-0.2.22= Helm chart = openfga-0.2.51, v.1.8.5 = docker = v.1.11.2 are vulnerable to improper policy enforcement when certain Check call...