SecBoard
Zurück zur CVE-Übersicht

CVE-2026-55170

NONE
Risk Signal Score10/100 — NIEDRIG
  • Weniger als 24 Stunden alt

Beschreibung

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL is being used as the datastore and authorization decisions rely on case-sensitive user strings, the tuple, changelog, and authorization_model identifier columns can compare case-distinct values such as user:Alice and user:alice as equivalent, causing two distinct check requests to return the same response. This issue is fixed in 1.18.0.

GitHub Advisories

GHSA-cf98-j28v-49v6LOW

OpenFGA Improper Policy Enforcement

go/github.com/openfga/openfga1.18.0
GitHub Advisory

Referenzen