CVE-2026-33729
Severity: MEDIUM

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

### Description

In OpenFGA, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache key. This can result in OpenFGA reusing an earlier cached result for a different request.

### Am I Affected?

Users are affected if the following preconditions are met:

1. The model has relations which rely on condition evaluation.
2. Caching is enabled.

### Fix

Upgrade to OpenFGA v1.13.1.

### Acknowledgement

OpenFGA would like to thank @Amemoyoi for the discovery and responsible disclosure.
Analysis
OpenFGA's condition-based caching mechanism can generate identical cache keys for different authorization check requests, allowing attackers to bypass access controls by triggering cache reuse of previously evaluated decisions. This affects deployments with relations that evaluate conditions and have caching enabled. …
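The advisory describes the failure class (two different check requests hashing to one cache key when the model uses conditions) but not the actual key derivation. The following is an added illustration, not OpenFGA's code: it assumes, purely for the sake of the example, that the defective key is built from the user/relation/object tuple alone while the condition's context inputs are dropped, and contrasts it with a key that folds canonical context into the hash. The `ip`-based condition, the `CheckRequest` type and all sample requests are constructed here.

```python
"""Constructed model of a check-result cache whose key collides across requests
that differ only in condition context. Not OpenFGA's implementation; the real
key derivation is not described in the advisory, so the 'context dropped from
the key' root cause is an assumption made for illustration only."""
import hashlib
import json
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List, Tuple


@dataclass
class CheckRequest:
    """A hypothetical authorization check: may `user` hold `relation` on `object`?
    `context` carries the inputs the model's condition is evaluated against."""
    user: str
    relation: str
    object: str
    context: Dict[str, Any] = field(default_factory=dict)


def naive_cache_key(req: CheckRequest) -> str:
    # Assumed-defective key: only the tuple is hashed, so two requests with the
    # same tuple but different condition inputs collide on one cache slot.
    return hashlib.sha256(f"{req.user}#{req.relation}@{req.object}".encode()).hexdigest()


def context_aware_cache_key(req: CheckRequest) -> str:
    # Hardened key: condition inputs are canonicalized (sorted keys, no
    # whitespace) and joined with a separator that cannot appear in identifiers,
    # so requests that differ in context cannot share a slot. Assumes context
    # values are JSON-serializable.
    canonical = json.dumps(req.context, sort_keys=True, separators=(",", ":"))
    material = "\x00".join([req.user, req.relation, req.object, canonical])
    return hashlib.sha256(material.encode()).hexdigest()


class CheckCache:
    """Minimal decision cache parameterized by the key function under test."""

    def __init__(self, key_fn: Callable[[CheckRequest], str]) -> None:
        self.key_fn = key_fn
        self.store: Dict[str, bool] = {}
        self.hits = 0

    def check(self, req: CheckRequest, evaluate: Callable[[CheckRequest], bool]) -> bool:
        k = self.key_fn(req)
        if k in self.store:
            self.hits += 1          # a hit here is a reused earlier decision
            return self.store[k]
        allowed = evaluate(req)
        self.store[k] = allowed
        return allowed


def evaluate_with_condition(req: CheckRequest) -> bool:
    # Hypothetical condition on the relation: allowed only from the 10.0.0.0/16
    # office network, decided from the request's context.
    return str(req.context.get("ip", "")).startswith("10.0.")


# Constructed sample: identical tuple, different condition inputs.
SAMPLE_REQUESTS: List[CheckRequest] = [
    CheckRequest("user:anne", "viewer", "document:budget", {"ip": "10.0.0.5"}),
    CheckRequest("user:anne", "viewer", "document:budget", {"ip": "203.0.113.9"}),
]


def run_scenario(key_fn: Callable[[CheckRequest], str]) -> Tuple[bool, bool, int]:
    """Evaluate the two sample requests in order through a cache keyed by key_fn.
    Returns (first decision, second decision, number of cache hits)."""
    cache = CheckCache(key_fn)
    first = cache.check(SAMPLE_REQUESTS[0], evaluate_with_condition)
    second = cache.check(SAMPLE_REQUESTS[1], evaluate_with_condition)
    return first, second, cache.hits


def key_collisions(requests: List[CheckRequest],
                   key_fn: Callable[[CheckRequest], str]) -> List[Tuple[CheckRequest, CheckRequest]]:
    """Regression check: report pairs of distinct requests that share a key."""
    seen: Dict[str, CheckRequest] = {}
    collisions = []
    for req in requests:
        k = key_fn(req)
        if k in seen and seen[k] != req:
            collisions.append((seen[k], req))
        seen.setdefault(k, req)
    return collisions


if __name__ == "__main__":
    print("naive key  :", run_scenario(naive_cache_key))          # (True, True, 1)
    print("context key:", run_scenario(context_aware_cache_key))  # (True, False, 0)
    print("collisions under naive key:", len(key_collisions(SAMPLE_REQUESTS, naive_cache_key)))
```

With the naive key the second request (from outside the office network) is answered from the first request's cached `True`, which is the "reusing an earlier cached result for a different request" outcome the advisory describes. `key_collisions` is the kind of property check worth keeping in a test suite for any decision cache: feed it request variants that differ only in condition inputs and require an empty result.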
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.