PT-2026-34222 · Openfga · Openfga

Published 2026-04-21 · Updated 2026-04-25 · CVE-2026-41131

CVSS v3.1: 5.0 Medium
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

OpenFGA versions prior to 1.14.1

Description

In specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This may lead to the reuse of an earlier cached result for a subsequent request. This occurs when the model has relations relying on condition evaluation and caching is enabled.

Recommendations

Upgrade to version 1.14.1.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-41131
GHSA-57J5-QWP2-VQP6

Affected Products

Openfga