SUSE CVE-2025-46569

Open Policy Agent OPA is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a singl...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the HTTP Data API. An attacker can manipulate the Rego code within the query to either cause the server to perform unintended actions or to consume excessive resources, leading to a Denial of Service DoS. Not...

Incorrect Authorization

Overview github.com/open-policy-agent/opa/server is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. Affected versions of this package are vulnerable to Incorrect Authorization via the HTTP Data API. An attacker can...

CVE-2025-46569

Open Policy Agent OPA is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a singl...

CVE-2025-46569 OPA server Data API HTTP path injection of Rego

Open Policy Agent OPA is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a singl...

CVE-2025-46569 OPA server Data API HTTP path injection of Rego

Open Policy Agent OPA is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a singl...

CVE-2025-46569

Summary: CVE-2025-46569 affects Open Policy Agent (OPA) prior to 1.4.0 when run as a server. A HTTP Data API path can be crafted to inject Rego code into the constructed query, enabling potential oracle attacks, incorrect policy decisions, and a DoS via expensive evaluation. Impact: high (policy ...

PT-2025-18710 · Unknown · Open Policy Agent

Name of the Vulnerable Software and Affected Versions: Open Policy Agent OPA versions prior to 1.4.0 Description: The issue concerns the Open Policy Agent OPA, a general-purpose policy engine. In versions prior to 1.4.0, when run as a server, OPA exposes an HTTP Data API. A crafted HTTP request...