3 matches found
CVE-2026-55170
A flaw was found in OpenFGA, an authorization/permission engine. When using MySQL as the datastore, and authorization decisions depend on case-sensitive user strings, the system may incorrectly treat case-distinct values e.g., 'user:Alice' and 'user:alice' as equivalent. This can lead to improper...
GHSA-HCXC-WF8J-23HV OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset
Description OpenFGA's OIDC authenticator skipped JWT audience aud validation when no audience was configured. In deployments where one identity provider issues tokens for multiple services, a token minted for an unrelated service could authenticate to OpenFGA. Preconditions This applies if the...
Use of Incorrectly-Resolved Name or Reference
Overview strands-agents is an A model-driven approach to building AI agents in just a few lines of code Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via dynamic tool module registration in ToolLoader. The loadtoolsfromfilepath and loadpythontoo...