CVE-2026-34972

MEDIUM

MINI-CPCF-XXRX-RW2Q

Details

CVSS v3: 5.0
NVD published: 2026-04-06 21:16:19
EPSS: <0.1% probability · 3.8th percentile — 2026-04-28
Affected versions: cpe:2.3:a:openfga:helm_charts:*:*:*:*:*:openfga:*:* cpe:2.3:a:openfga:openfga:*:*:*:*:*:*:*:*
Summary: OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. From 1.8.0 to 1.13.1, under specific conditions, BatchCheck calls with multiple checks sent for the same object, relation, and user combination can result in improper policy enforcement. This vulnerability is fixed in 1.14.0.
Remediation: Not available in our cache.
Exploit info: Not available in our cache.

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.