PT-2026-30732 · Openfga · Openfga

Bugbunny-Research

Published

2026-04-06

Updated

2026-04-07

CVE-2026-34972

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenFGA versions 1.8.0 through 1.13.1

Description OpenFGA is an authorization/permission engine. BatchCheck calls with multiple checks for the same object, relation, and user can lead to improper policy enforcement under specific conditions.

Recommendations Update to version 1.14.0 or later.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2026-34972

GHSA-JWVJ-G8PC-CX45

Affected Products

Openfga

PT-2026-30732 · Openfga · Openfga

CVE-2026-34972

Weakness Enumeration

Related Identifiers

Affected Products

References · 6