Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/15 8:36 a.m.10 views

CVE-2026-48096

A flaw was found in OpenFGA, an authorization/permission engine. When iterator caching is enabled, distinct authorization check requests can generate identical cache keys. This can cause OpenFGA to reuse an outdated or incorrect cached result for subsequent requests. Such a flaw may lead to...

5.3CVSS5.2AI score0.00101EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/11 8:28 p.m.9 views

EUVD-2026-36061

OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning...

5.3CVSS5.5AI score0.00101EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 4:17 p.m.8 views

CVE-2026-48096

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. This issue has been patched in...

5.3CVSS0.00101EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 3:9 p.m.8 views

CVE-2026-48096 OpenFGA: Cache-key delimiter injection in openfga/openfga shared-iterator and v2 iterator caches enables intra-store authorization-decision poisoning

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. This issue has been patched in...

5CVSS5.3AI score0.00101EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

OpenFGA 数据伪造问题漏洞

OpenFGA is an open-source authorization/licensing engine built for developers, inspired by Google Zanzibar. Versions of OpenFGA prior to 1.16.0 had a data manipulation vulnerability. This vulnerability arises from the possibility that two different check requests may generate the same cache key...

5.3CVSS5.2AI score0.00101EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.11 views

PT-2026-48462

Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.16.0 Description When iterator caching is enabled, specifically with SharedIteratorCache and ListObjectsIteratorCache, two distinct check requests can produce the same cache key. This causes the system to reuse a...

5.3CVSS5.5AI score0.00101EPSS
Exploits0References7
Rows per page
Query Builder