Back to CVE List

CVE-2026-34972

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
5.0 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Vulnerability Description

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. From 1.8.0 to 1.13.1, under specific conditions, BatchCheck calls with multiple checks sent for the same object, relation, and user combination can result in improper policy enforcement. This vulnerability is fixed in 1.14.0.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-863
Source
NVD
Vendor
openfga
Product
openfga

External References

Discussion (0)

Add Comment

No comments yet. Be the first!