PT-2026-57856 · Unknown · Cedar-Java
Published
2026-07-13
·
Updated
2026-07-13
·
CVE-2026-55771
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CedarJava versions prior to 4.9.0
Description
The
EntityIdentifier.equals() function contains inverted logic for null and self-reference checks. This causes the method to return true for null comparisons and false for self-comparisons, leading to incorrect equality results. While this does not impact Cedar authorization decisions, which are computed in Rust from JSON, it may affect integrators who implement their own equality checks on entity identifiers.Recommendations
Update to version 4.9.0.
Fix
Type Confusion
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cedar-Java