Authorization/Permission Engine Vulnerability in OpenFGA
CVE-2026-48096
5 MEDIUM
What is CVE-2026-48096?
OpenFGA, a prominent authorization and permission management engine, is affected by a vulnerability where the iterator caching mechanism can lead to cache key collisions. Specifically, prior to version 1.16.0, certain check requests might yield identical cache keys, resulting in the reuse of previously cached results for new requests. This creates potential inconsistencies in access control decisions, which can compromise the integrity of authorization processes. Users are strongly advised to upgrade to version 1.16.0 to mitigate this issue.
Affected Version(s)
openfga < 1.16.0
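
To apply the affected range above to a deployment inventory, the following added example (not part of the advisory or of OpenFGA's code) sorts version strings into affected, fixed and unknown. The deployment names and versions are constructed, and treating a 1.16.0 pre-release as affected is an assumption that follows semantic-version ordering.

```python
import re

# First fixed release according to the advisory ("openfga < 1.16.0" is affected).
FIXED = (1, 16, 0)

# Semantic version with optional leading "v", pre-release and build metadata.
_SEMVER = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)


def is_affected(version: str) -> bool:
    """Return True when `version` sorts before 1.16.0; raise ValueError if unparsable."""
    match = _SEMVER.match(version.strip())
    if match is None:
        raise ValueError(f"not a semantic version: {version!r}")
    core = tuple(int(part) for part in match.group(1, 2, 3))
    if core != FIXED:
        return core < FIXED  # numeric compare, so 1.9.0 < 1.16.0
    # Same core version: a pre-release such as 1.16.0-rc1 sorts before 1.16.0.
    return match.group(4) is not None


def audit(inventory: dict) -> dict:
    """Split a {deployment: version} inventory into affected / fixed / unknown."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for name, version in sorted(inventory.items()):
        try:
            bucket = "affected" if is_affected(version) else "fixed"
        except ValueError:
            bucket = "unknown"  # e.g. a floating tag; resolve it by hand
        report[bucket].append(name)
    return report


# Constructed sample inventory (deployment names and versions are made up).
SAMPLE = {
    "authz-prod": "v1.15.2",
    "authz-staging": "1.16.0",
    "authz-canary": "1.16.0-rc1",
    "authz-legacy": "1.9.0",
    "authz-dev": "latest",
}

if __name__ == "__main__":
    for bucket, names in audit(SAMPLE).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Entries that land in "unknown" need their real version resolved before they can be cleared.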
