Lucene search
+L

5 matches found

CVE
CVE
added 2025/02/19 8:18 p.m.2666 views

CVE-2025-25196

CVE-2025-25196 concerns OpenFGA (< v1.8.4; Helm chart < openfga-0.2.22; docker

9.8CVSS6.4AI score0.00418EPSS
CVE
CVE
added 2026/07/09 9:6 p.m.57 views

CVE-2026-55689

OpenFGA’s OIDC authentication could accept tokens from the same identity provider for a different application when authn.method=oidc and authn.oidc.issuer is configured but authn.oidc.audience is unset (pre-1.18.0). This allowed unauthorized authentication to OpenFGA. The issue is fixed in OpenFG...

8.1CVSS6AI score0.00301EPSS
CVE
CVE
added 2026/06/10 3:9 p.m.22 views

CVE-2026-48096

OpenFGA: The CVE affects the OpenFGA authorization engine prior to v1.16.0 due to an issue with iterator caching where two distinct check requests could produce the same cache key, causing reuse of an earlier cached result. The root cause is described as a cache-key issue in the shared-iterator a...

5.3CVSS5.4AI score0.00101EPSS
CVE
CVE
added 2026/07/09 9:4 p.m.22 views

CVE-2026-55170

OpenFGA Open Source CVE-2026-55170 affects the MySQL datastore when decisions rely on case-sensitive user strings. The tuple, changelog, and authorization_model identifier columns can treat case-distinct values (e.g., user:Alice vs user:alice) as equivalent, potentially causing two distinct check...

5.4CVSS5.9AI score0.00248EPSS
CVE
CVE
added 2026/04/21 11:38 p.m.21 views

CVE-2026-41131

CVE-2026-41131 affects OpenFGA prior to version 1.14.1. In scenarios where models use conditions with caching enabled, two distinct check requests can yield the same cache key, causing an earlier cached result to be reused for a later request. Preconditions: the model has relations that rely on c...

5CVSS5.8AI score0.00145EPSS