PT-2026-57856 · Unknown · Cedar-Java

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-55771

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions CedarJava versions prior to 4.9.0
Description The EntityIdentifier.equals() function contains inverted logic for null and self-reference checks. This causes the method to return true for null comparisons and false for self-comparisons, leading to incorrect equality results. While this does not impact Cedar authorization decisions, which are computed in Rust from JSON, it may affect integrators who implement their own equality checks on entity identifiers.
Recommendations Update to version 4.9.0.

Fix

Type Confusion

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-55771

Affected Products

Cedar-Java