OpenFGA Improper Policy Enforcement Vulnerability in BatchCheck Operations

Vulnerability

A vulnerability in OpenFGA versions 1.8.0 up to, but not including, 1.13.1 causes improper policy enforcement during BatchCheck operations. It is triggered when a BatchCheck request contains multiple checks for the same object, relation and user combination whose contexts differ in a specific way. Under these conditions the authorization engine may not enforce policies correctly, potentially granting unauthorized access or permissions.
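As an added defensive example (not OpenFGA's own code), the Python helper below inspects a BatchCheck request body for the condition the advisory names, the same object, relation and user checked more than once with differing contexts, and repartitions such a batch so that each request carries a given tuple key only once, a stopgap for deployments that cannot upgrade yet. The request shape (checks[].tuple_key, context, correlation_id) is assumed from the OpenFGA BatchCheck API, and the sample body is constructed.

```python
import json
from collections import defaultdict

# Constructed sample BatchCheck body (not from the advisory): the same
# document/viewer/user tuple is checked twice with different contexts,
# alongside an unrelated check for another user.
SAMPLE_BATCH = {"checks": [
    {"tuple_key": {"user": "user:anne", "relation": "viewer", "object": "document:roadmap"},
     "context": {"ip_address": "192.0.2.10"}, "correlation_id": "c1"},
    {"tuple_key": {"user": "user:anne", "relation": "viewer", "object": "document:roadmap"},
     "context": {"ip_address": "198.51.100.7"}, "correlation_id": "c2"},
    {"tuple_key": {"user": "user:bob", "relation": "viewer", "object": "document:roadmap"},
     "correlation_id": "c3"},
]}

def _tuple_key(check):
    tk = check["tuple_key"]
    return (tk["object"], tk["relation"], tk["user"])

def _canonical(context):
    # Contexts are JSON objects; a sorted-key serialization makes two equal
    # contexts compare equal regardless of key order.
    return json.dumps(context or {}, sort_keys=True, separators=(",", ":"))

def find_colliding_checks(batch):
    """Map each tuple key that appears with more than one distinct context
    to the correlation_ids of the checks involved (the advisory's trigger)."""
    by_key = defaultdict(dict)  # tuple key -> {canonical context: [ids]}
    for check in batch["checks"]:
        ctxs = by_key[_tuple_key(check)]
        ctxs.setdefault(_canonical(check.get("context")), []).append(check["correlation_id"])
    return {key: [cid for ids in ctxs.values() for cid in ids]
            for key, ctxs in by_key.items() if len(ctxs) > 1}

def split_batch(batch):
    """Repartition the checks so no single BatchCheck request carries the same
    tuple key twice; each returned body can be sent on its own and the results
    merged by correlation_id, which stays unique across the parts."""
    buckets = []  # each bucket: (set of tuple keys, list of checks)
    for check in batch["checks"]:
        key = _tuple_key(check)
        for keys, checks in buckets:
            if key not in keys:
                break
        else:  # every existing bucket already holds this tuple key
            keys, checks = set(), []
            buckets.append((keys, checks))
        keys.add(key)
        checks.append(check)
    return [{"checks": checks} for _, checks in buckets]
```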

Impact

Exploitation of this vulnerability can result in improper enforcement of authorization policies, allowing for potential unauthorized access or permissions.

Remediation

Users can upgrade to OpenFGA version 1.14.0 to address this vulnerability.

Added: Apr 6, 2026, 9:27 PM
Updated: Apr 6, 2026, 9:27 PM

Vulnerability Rating

Custom Algorithm

spread:         1.4
impact:         2.5
exploitability: 4.9
remediation:    7.7
relevance:      5.4
threat:         0.0
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.