Lucene search
K

4 matches found

OSV
OSV
added 2026/04/17 8:47 p.m.4 views

CVE-2026-40293 OpenFGA Playground Preshared Key Exposure

OpenFGA is an authorization/permission engine built for developers. In versions 0.1.4 through 1.13.1, when OpenFGA is configured to use preshared-key authentication with the built-in playground enabled, the local server includes the preshared API key in the HTML response of the /playground...

6.5CVSS5.9AI score0.00286EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/04/08 9:51 p.m.13 views

OpenFGA: Unauthenticated playground endpoint discloses preshared API key in HTML response

Description When OpenFGA is configured to use preshared-key authentication with the built-in playground enabled, the local server includes the preshared API key in the HTML response of the /playground endpoint. The /playground endpoint is enabled by default and does not require authentication. It...

7.5CVSS5.9AI score0.00286EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/08 9:51 p.m.13 views

GHSA-68M9-983M-F3V5 OpenFGA: Unauthenticated playground endpoint discloses preshared API key in HTML response

Description When OpenFGA is configured to use preshared-key authentication with the built-in playground enabled, the local server includes the preshared API key in the HTML response of the /playground endpoint. The /playground endpoint is enabled by default and does not require authentication. It...

6.5CVSS5.8AI score0.00286EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.13 views

PT-2026-32978

Name of the Vulnerable Software and Affected Versions OpenFGA versions 0.1.4 through 1.13.1 Description When configured to use preshared-key authentication with the built-in playground enabled, the local server includes the preshared API key in the HTML response of the '/playground' endpoint. Thi...

7.5CVSS5.9AI score0.00286EPSS
Exploits0References18
Rows per page
Query Builder