OpenFGA Caching Vulnerability Leading to Improper Policy Enforcement

Vulnerability

A vulnerability in OpenFGA prior to version 1.14.1 allows models with condition-based relations and caching enabled to produce identical cache keys for different check requests. This could lead to the unintended reuse of cached results, causing incorrect authorization decisions. The issue arises when models rely on condition evaluation and caching is active.
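
To illustrate the class of defect described above, here is an added example that is not OpenFGA's own code; the CheckRequest type, its Context map and the key-derivation functions are simplified assumptions for illustration only. A check-cache key that omits the condition context collides for two requests that should be evaluated separately, while a key that folds the canonicalized context into the hash keeps them apart.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// CheckRequest is a simplified, hypothetical stand-in for an authorization check.
// Context carries the parameters a condition is evaluated against (assumed shape).
type CheckRequest struct {
	User, Relation, Object string
	Context                map[string]string
}

// weakCacheKey hashes only the tuple. Two checks that differ only in their
// condition context produce the same key, so the second check can be served
// a cached result computed for a different context.
func weakCacheKey(r CheckRequest) string {
	sum := sha256.Sum256([]byte(r.User + "#" + r.Relation + "#" + r.Object))
	return hex.EncodeToString(sum[:])
}

// safeCacheKey length-prefixes every field (no delimiter ambiguity) and folds
// the context into the hash in sorted key order, so the key is deterministic
// and distinct for distinct context values.
func safeCacheKey(r CheckRequest) string {
	h := sha256.New()
	field := func(s string) { fmt.Fprintf(h, "%d:%s", len(s), s) }
	field(r.User)
	field(r.Relation)
	field(r.Object)
	keys := make([]string, 0, len(r.Context))
	for k := range r.Context {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	for _, k := range keys {
		field(k)
		field(r.Context[k])
	}
	return hex.EncodeToString(h.Sum(nil))
}

func main() {
	// Constructed sample requests: same tuple, different condition context.
	a := CheckRequest{"user:anne", "viewer", "document:1", map[string]string{"ip": "10.0.0.1"}}
	b := CheckRequest{"user:anne", "viewer", "document:1", map[string]string{"ip": "203.0.113.9"}}
	fmt.Println("weak keys collide:", weakCacheKey(a) == weakCacheKey(b))
	fmt.Println("safe keys collide:", safeCacheKey(a) == safeCacheKey(b))
}
```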

Impact

Exploitation of this vulnerability could result in improper policy enforcement, where cached authorization results are incorrectly reused, potentially allowing unauthorized actions or access.

Remediation

Users can upgrade to OpenFGA version 1.14.1 to address this vulnerability. The updated version is available on the OpenFGA GitHub Releases page.

Added: Apr 22, 2026, 12:34 AM
Updated: Apr 22, 2026, 12:34 AM

Vulnerability Rating

Custom Algorithm

spread          1.4
impact          2.5
exploitability  4.9
remediation     7.7
relevance       6.5
threat          0.0
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.