cvedb.io
CVE-2026-34972
MEDIUM · CVSS 5
EPSS exploitation probability: 0%
Published 2026-04-06T21:16:19.997 · Last modified 2026-06-17T10:39:55.193

Summary

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. From 1.8.0 to 1.13.1, under specific conditions, BatchCheck calls with multiple checks sent for the same object, relation, and user combination can result in improper policy enforcement. This vulnerability is fixed in 1.14.0.

Affected products

openfga — helm_charts



This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.