Unknown · OpenSearch · CVE-2023-31141
**Name of the Vulnerable Software and Affected Versions**
OpenSearch versions prior to 1.3.10 and 2.7.0
**Description**
The issue is in the implementation of fine-grained access control rules, including document-level security, field-level security, and field masking. Under an extremely rare race condition, these rules are not correctly applied to queries, potentially leading to incorrect access authorization. The race can be triggered when two concurrent requests land on the same instance exactly when query cache eviction happens, which occurs once every four hours.
**Recommendations**
For versions prior to 1.3.10, update to version 1.3.10 or later.
For versions prior to 2.7.0, update to version 2.7.0 or later.
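To find nodes that still need the update, the following added example (not part of the advisory or of OpenSearch) classifies the version strings reported per node in a `GET /_nodes` response. The sample response is constructed, and the function names are hypothetical. It assumes that the 1.x line is compared against 1.3.10 and the 2.x line against 2.7.0, that later major lines already carry the fix, and that a pre-release build of a fixed version needs manual review.

```python
import json
import re

# Fixed releases named in the advisory, keyed by major version line.
FIXED = {1: (1, 3, 10), 2: (2, 7, 0)}

# Constructed sample shaped like a GET /_nodes response (not real cluster data).
SAMPLE_NODES_JSON = """
{"nodes": {
  "a1": {"name": "node-1", "version": "1.3.9"},
  "b2": {"name": "node-2", "version": "1.3.10"},
  "c3": {"name": "node-3", "version": "2.6.0"},
  "d4": {"name": "node-4", "version": "2.7.0"},
  "e5": {"name": "node-5", "version": "2.7.0-SNAPSHOT"}
}}
"""

def parse_version(text):
    """Return (major, minor, patch, is_prerelease) or None if unparseable."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?", text.strip())
    if not m:
        return None
    return int(m[1]), int(m[2]), int(m[3]), m[4] is not None

def classify(version_text):
    """Return 'affected', 'fixed' or 'unknown' for one version string."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"
    major, minor, patch, prerelease = parsed
    fixed = FIXED.get(major)
    if fixed is None:
        # Assumption: major lines newer than 2.x already contain the fix.
        return "fixed" if major > max(FIXED) else "unknown"
    if (major, minor, patch) < fixed:
        return "affected"
    # Assumption: a pre-release of the fixed version may predate the fix.
    if (major, minor, patch) == fixed and prerelease:
        return "unknown"
    return "fixed"

def audit_nodes(nodes_json):
    """Map node name -> classification for every node in the response."""
    nodes = json.loads(nodes_json)["nodes"]
    return {n["name"]: classify(n.get("version", "")) for n in nodes.values()}

if __name__ == "__main__":
    for name, status in sorted(audit_nodes(SAMPLE_NODES_JSON).items()):
        print(f"{name}: {status}")
```

Every node in a cluster should be checked, since the race is described per instance.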