Lucene search
K

346 matches found

RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-55170

A flaw was found in OpenFGA, an authorization/permission engine. When using MySQL as the datastore, and authorization decisions depend on case-sensitive user strings, the system may incorrectly treat case-distinct values e.g., 'user:Alice' and 'user:alice' as equivalent. This can lead to improper...

5.4CVSS6AI score0.00248EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-55689

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when OpenFGA is configured to use OIDC authentication authn.method=oidc, authn.oidc.issuer set but authn.oidc.audience is left unset, the JWT audience claim on incoming bearer tokens is not validated. As a result...

8.1CVSS6.1AI score0.00301EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 5 days ago9 views

Linux Distros Unpatched Vulnerability : CVE-2026-55170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL is being used as the datastore and authorization decisions rely ...

5.4CVSS6.1AI score0.00248EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-55689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when...

8.1CVSS6.1AI score0.00301EPSS
Exploits0References2
NVD
NVD
added 6 days ago6 views

CVE-2026-55689

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated...

8.1CVSS0.00301EPSS
Exploits0References5
NVD
NVD
added 6 days ago5 views

CVE-2026-55170

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL is being used as the datastore and authorization decisions rely on case-sensitive user strings, the tuple, changelog, and authorizationmodel identifier columns can compare case-distinct values such as...

5.4CVSS0.00248EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-55689

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated...

6.8CVSS6AI score0.00301EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-55689 OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated...

6.8CVSS0.00301EPSS
Exploits0References5
OSV
OSV
added 6 days ago3 views

CVE-2026-55689 OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated...

6.8CVSS6.1AI score0.00301EPSS
Exploits0References7
CVE
CVE
added 6 days ago51 views

CVE-2026-55689

OpenFGA’s OIDC authentication could accept tokens from the same identity provider for a different application when authn.method=oidc and authn.oidc.issuer is configured but authn.oidc.audience is unset (pre-1.18.0). This allowed unauthorized authentication to OpenFGA. The issue is fixed in OpenFG...

8.1CVSS6AI score0.00301EPSS
Exploits0References5Affected Software2
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-55170

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL is being used as the datastore and authorization decisions rely on case-sensitive user strings, the tuple, changelog, and authorizationmodel identifier columns can compare case-distinct values such as...

2.1CVSS5.9AI score0.00248EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-55170 OpenFGA MySQL backend: case-insensitive collation on identifier columns causes incorrect authorization decisions

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL is being used as the datastore and authorization decisions rely on case-sensitive user strings, the tuple, changelog, and authorizationmodel identifier columns can compare case-distinct values such as...

2.1CVSS0.00248EPSS
Exploits0References5
OSV
OSV
added 6 days ago3 views

CVE-2026-55170 OpenFGA MySQL backend: case-insensitive collation on identifier columns causes incorrect authorization decisions

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL is being used as the datastore and authorization decisions rely on case-sensitive user strings, the tuple, changelog, and authorizationmodel identifier columns can compare case-distinct values such as...

2.1CVSS6.1AI score0.00248EPSS
Exploits0References7
CVE
CVE
added 6 days ago21 views

CVE-2026-55170

OpenFGA Open Source CVE-2026-55170 affects the MySQL datastore when decisions rely on case-sensitive user strings. The tuple, changelog, and authorization_model identifier columns can treat case-distinct values (e.g., user:Alice vs user:alice) as equivalent, potentially causing two distinct check...

5.4CVSS5.9AI score0.00248EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5423 OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset in github.com/openfga/openfga

OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset in github.com/openfga/openfga...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 10:34 p.m.10 views

GO-2026-5483 OpenFGA's BatchCheck within-request deduplication produces incorrect authorization decisions via list-value cache-key collision in github.com/openfga/openfga

OpenFGA's BatchCheck within-request deduplication produces incorrect authorization decisions via list-value cache-key collision in github.com/openfga/openfga...

8.8CVSS5.8AI score0.00211EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5322 OpenFGA Improper Policy Enforcement in github.com/openfga/openfga

OpenFGA Improper Policy Enforcement in github.com/openfga/openfga...

5.4CVSS5.8AI score0.00248EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5239 OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning in github.com/openfga/openfga

OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning in github.com/openfga/openfga...

5.3CVSS5.8AI score0.00101EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5136 OpenFGA has Improper Policy Enforcement in github.com/openfga/openfga

OpenFGA has Improper Policy Enforcement in github.com/openfga/openfga...

5CVSS5.8AI score0.00145EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:26 p.m.5 views

GO-2026-5170 OpenFGA: Unauthenticated playground endpoint discloses preshared API key in HTML response in github.com/openfga/openfga

OpenFGA: Unauthenticated playground endpoint discloses preshared API key in HTML response in github.com/openfga/openfga...

7.5CVSS5.8AI score0.00286EPSS
Exploits0References3
Rows per page
Query Builder