OpenFGA Improper Policy Enforcement Vulnerability Allowing Authorization Bypass

Vulnerability

A vulnerability exists in OpenFGA versions 1.8.5 through 1.11.2, including the corresponding Helm chart and Docker image versions, that causes improper policy enforcement during certain Check calls. The issue affects models in which a relation is directly assignable by both type-bound public access and non-public access, and it can be triggered only under specific conditions involving how tuples are assigned and the lexicographic ordering of object IDs.
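As a triage aid for the model precondition described above, the following is an added example (not OpenFGA's own code or part of the advisory): it scans an authorization model written in the OpenFGA DSL and flags relations whose directly-assignable type list contains both a type-bound public entry (`type:*`) and a non-public entry. The sample model is constructed for illustration, and treating "any other entry" as non-public is an assumption made to keep the check broad; the advisory does not spell out the exact combination that matters.

```python
import re

# Constructed sample model in OpenFGA DSL syntax; not taken from the advisory.
SAMPLE_MODEL = """\
model
  schema 1.1

type user

type document
  relations
    define viewer: [user, user:*]
    define editor: [user]
    define announcement: [user:*]
    define can_view: viewer or editor
"""

TYPE_RE = re.compile(r"^type\s+(\w+)")
DEFINE_RE = re.compile(r"^\s*define\s+(\w+)\s*:\s*\[([^\]]*)\]")


def parse_directly_assignable(model_dsl):
    """Map (object_type, relation) -> list of directly-assignable entries.

    Relations defined only by rewrites (no [...] list) are skipped.
    """
    result = {}
    current_type = None
    for line in model_dsl.splitlines():
        m_type = TYPE_RE.match(line)
        if m_type:
            current_type = m_type.group(1)
            continue
        m_def = DEFINE_RE.match(line)
        if m_def and current_type:
            # Drop any "with <condition>" suffix so only the type part remains.
            entries = [t.strip().split(" with ")[0] for t in m_def.group(2).split(",")]
            result[(current_type, m_def.group(1))] = [t for t in entries if t]
    return result


def mixed_public_relations(model_dsl):
    """Return (object_type, relation, public_entries, non_public_entries) for each
    relation assignable by both a `type:*` entry and at least one other entry.

    This is the model shape the advisory names as a precondition; a hit means
    the model deserves review on an affected OpenFGA version, not that it is
    necessarily exploitable.
    """
    flagged = []
    for (obj_type, rel), entries in parse_directly_assignable(model_dsl).items():
        public = sorted(t for t in entries if t.endswith(":*"))
        non_public = sorted(t for t in entries if not t.endswith(":*"))
        if public and non_public:
            flagged.append((obj_type, rel, public, non_public))
    return flagged
```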

Impact

Exploitation of this vulnerability can lead to unauthorized access or permissions being granted, allowing users to bypass intended authorization policies.

Remediation

Users can upgrade to OpenFGA version 1.11.3, which is backwards compatible. This version is also available in the OpenFGA Helm chart version 0.2.52 and in the OpenFGA Docker image version 1.11.3.

Added: Feb 6, 2026, 6:28 PM
Updated: Feb 6, 2026, 10:51 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 2.5
exploitability: 6.3
remediation: 7.7
relevance: 2.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.