PT-2026-28515 · Openfga · Openfga

Amemoyoif

·

Publicado

2026-03-26

·

Atualizado

2026-03-27

·

CVE-2026-33729

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.13.1
Description OpenFGA is a high-performance and flexible authorization/permission engine. Under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache key. This can result in OpenFGA reusing an earlier cached result for a different request. Users are affected if the model has relations that depend on condition evaluation and caching is enabled.
Recommendations Upgrade to OpenFGA version 1.13.1.

Exploit

Correção

Insufficient Verification of Data Authenticity

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-345CWE-1289CWE-20

Identificadores relacionados

CVE-2026-33729
GHSA-H6C8-CWW8-35HF
GO-2026-4857
SUSE-SU-2026:1135-1

Produtos afetados

Openfga