Openfga

Openfga

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-48096

  • EPSS 0.1%
  • Veröffentlicht 10.06.2026 15:09:59
  • Zuletzt bearbeitet 12.06.2026 00:46:45

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subse...

5

CVE-2026-41131

  • EPSS 0.15%
  • Veröffentlicht 21.04.2026 23:38:29
  • Zuletzt bearbeitet 24.04.2026 13:44:37

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This could resul...

6.5

CVE-2026-40293

  • EPSS 0.2%
  • Veröffentlicht 17.04.2026 20:47:06
  • Zuletzt bearbeitet 27.04.2026 19:39:47

OpenFGA is an authorization/permission engine built for developers. In versions 0.1.4 through 1.13.1, when OpenFGA is configured to use preshared-key authentication with the built-in playground enabled, the local server includes the preshared API key...

8.8

CVE-2026-34972

  • EPSS 0.21%
  • Veröffentlicht 06.04.2026 20:41:33
  • Zuletzt bearbeitet 20.04.2026 16:55:51

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. From 1.8.0 to 1.13.1, under specific conditions, BatchCheck calls with multiple checks sent for the same object, relation...

9.8

CVE-2026-33729

  • EPSS 0.24%
  • Veröffentlicht 27.03.2026 00:27:40
  • Zuletzt bearbeitet 14.04.2026 01:04:41

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two di...

8.8

CVE-2026-24851

  • EPSS 0.31%
  • Veröffentlicht 06.02.2026 18:15:58
  • Zuletzt bearbeitet 24.02.2026 20:52:16

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 ( openfga-0.2.22<= Helm chart <= openfga-0.2.51, v.1.8.5 <= docker <= v.1.11.2) are vulnerable ...

8.8

CVE-2025-64751

  • EPSS 0.26%
  • Veröffentlicht 21.11.2025 01:24:32
  • Zuletzt bearbeitet 31.12.2025 13:43:35

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 ( openfga-0.1.34 <= Helm chart <= openfga-0.2.48, v.1.4.0 <= docker <= v.1.11.0) are vulnerable...

9.8

CVE-2025-55213

  • EPSS 0.3%
  • Veröffentlicht 18.08.2025 19:23:33
  • Zuletzt bearbeitet 14.01.2026 17:10:47

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.9.3 to v1.9.4 ( openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v.1.9.4) are vulnerable to...

8.8

CVE-2025-48371

  • EPSS 0.41%
  • Veröffentlicht 22.05.2025 22:20:37
  • Zuletzt bearbeitet 15.01.2026 02:34:33

OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 (corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12) are vulnerable to authorization bypass when certain Check and Lis...

9.8

CVE-2025-46331

  • EPSS 0.33%
  • Veröffentlicht 30.04.2025 18:27:05
  • Zuletzt bearbeitet 31.12.2025 15:06:58

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 (Helm chart <= openfga-0.2.28, docker <= v.1.8.10) are vulnerable to authorization bypass when ...