9 matches found
CVE-2025-25196
CVE-2025-25196 concerns OpenFGA (< v1.8.4; Helm chart < openfga-0.2.22; docker
CVE-2024-56323
OpenFGA Open Authorization Engine (versions v1.3.8–v1.8.2; Helm openfga-0.1.38–0.2.19; docker 1.3.8–1.8.2) contains a critical authorization bypass vulnerability (CVE-2024-56323). Root cause: when a model uses conditions and contextual tuples are provided in Check or ListObjects calls, and OPENFG...
CVE-2025-48371
OpenFGA Open Authorization bypass (CVE-2025-48371) affects versions 1.8.0–1.8.12 of OpenFGA (and corresponding Helm/dockers) where certain Check and ListObjects calls can bypass access controls under specific conditions involving relationships that can be publicly assigned and usersets, contextua...
CVE-2025-46331
OpenFGA vulnerability CVE-2025-46331 affects OpenFGA v1.3.6 through v1.8.10 (Helm chart <= openfga-0.2.28, docker
CVE-2026-24851
CVE-2026-24851 technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2025-55213
OpenFGA is affected by an Authorization Bypass vulnerability in which improper policy enforcement occurs during certain Check and ListObject calls. Affected versions are OpenFGA v1.9.3 to v1.9.4 (including openfga-0.2.40 to 0.2.41 and docker/v1.9.4). The issue is fixed in v1.9.5. Impact is descri...
CVE-2025-64751
CVE-2025-64751 affects OpenFGA v1.4.0–v1.11.0 (openfga-0.1.34–0.2.48 Helm; v1.4.0–v1.11.0 Docker). It is due to improper policy enforcement when certain Check and ListObject calls are executed, with patches available in v1.11.1. Impact is described as high in CVSS metrics (base score 8.8; confide...
CVE-2026-41131
CVE-2026-41131 affects OpenFGA prior to version 1.14.1. In scenarios where models use conditions with caching enabled, two distinct check requests can yield the same cache key, causing an earlier cached result to be reused for a later request. Preconditions: the model has relations that rely on c...
CVE-2026-34972
OpenFGA vulnerability CVE-2026-34972 affects OpenFGA versions 1.8.0 through 1.13.1. The issue arises when BatchCheck is invoked with multiple checks for the same object, relation, and user, leading to improper policy enforcement. It is resolved in version 1.14.0. CVSS metrics indicate high impact...
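The entries above give version ranges in several forms (open-ended "< v1.8.4", inclusive "v1.3.8–v1.8.2", and "fixed in" statements), which makes triage of a deployed server error-prone by eye. The script below is an added example, not OpenFGA project code: it transcribes only the ranges stated in the summaries above (CVE-2026-24851 is omitted because no details are given) and reports which of them cover a given server version. It assumes every stated range is inclusive at both ends, that "< X" and "prior to X" mean every earlier release, and that version strings compare on their major.minor.patch components with any pre-release suffix ignored.

```python
"""Triage an OpenFGA server version against the CVE ranges listed above.

Added example (not OpenFGA code). Ranges are transcribed from the summaries
on this page; where a summary gives no "fixed in" version the range is
closed only by its stated upper bound.
"""
from __future__ import annotations

import re
import sys

Version = tuple[int, int, int]

# (cve, lowest affected inclusive or None, highest affected inclusive or None,
#  first fixed release or None). None means "no bound stated on the page".
AFFECTED_RANGES: list[tuple[str, str | None, str | None, str | None]] = [
    ("CVE-2025-25196", None,    None,     "1.8.4"),   # "< v1.8.4"
    ("CVE-2024-56323", "1.3.8", "1.8.2",  None),      # "v1.3.8–v1.8.2"
    ("CVE-2025-48371", "1.8.0", "1.8.12", None),      # "1.8.0–1.8.12"
    ("CVE-2025-46331", "1.3.6", "1.8.10", None),      # "v1.3.6 through v1.8.10"
    ("CVE-2025-55213", "1.9.3", "1.9.4",  "1.9.5"),   # "v1.9.3 to v1.9.4", fixed v1.9.5
    ("CVE-2025-64751", "1.4.0", "1.11.0", "1.11.1"),  # "v1.4.0–v1.11.0", fixed v1.11.1
    ("CVE-2026-41131", None,    None,     "1.14.1"),  # "prior to version 1.14.1"
    ("CVE-2026-34972", "1.8.0", "1.13.1", "1.14.0"),  # "1.8.0 through 1.13.1", fixed 1.14.0
]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Parse 'v1.8.4', '1.8.4' or '1.8.4-rc1' into (1, 8, 4).

    Assumption: only major.minor.patch matter for the ranges on this page;
    a pre-release suffix is ignored rather than treated as "earlier".
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a major.minor.patch version: {text!r}")
    return tuple(int(part) for part in m.groups())  # type: ignore[return-value]


def is_affected(version: Version, low: str | None, high: str | None,
                fixed: str | None) -> bool:
    """True when version lies inside the stated range and below the fix."""
    if low is not None and version < parse_version(low):
        return False
    if high is not None and version > parse_version(high):
        return False
    if fixed is not None and version >= parse_version(fixed):
        return False
    return True


def affected_cves(version_text: str) -> list[str]:
    """Return the CVE identifiers from this page whose ranges cover the version."""
    version = parse_version(version_text)
    return [cve for cve, low, high, fixed in AFFECTED_RANGES
            if is_affected(version, low, high, fixed)]


def highest_stated_fix() -> str:
    """Highest 'fixed in' release named on the page (an upgrade floor, not a guarantee)."""
    fixes = [parse_version(f) for _, _, _, f in AFFECTED_RANGES if f is not None]
    return ".".join(str(p) for p in max(fixes))


if __name__ == "__main__":
    # Usage: python triage.py v1.8.4
    target = sys.argv[1] if len(sys.argv) > 1 else "v1.8.4"
    hits = affected_cves(target)
    if hits:
        print(f"{target}: affected by {', '.join(hits)}")
        print(f"highest fix version stated on this page: {highest_stated_fix()}")
    else:
        print(f"{target}: not inside any range listed on this page")
```

Two caveats when using this: an empty result means only that none of the ranges transcribed from this page match, not that the release is clean (CVE-2026-24851 has no published range, and the truncated entries may carry further constraints), and the Helm chart and Docker tag ranges are not modelled, so map a chart version to its server version before checking.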