CVE-2026-33729 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-33729 PUBLISHED CVSS 5.800000190734863 MEDIUM

OpenFGA has an Authorization Bypass through cached keys

Risk Scores

CVSS v4.0

5.800000190734863

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

Affected Products

Vendor	Product	Versions
openfga	openfga	< 1.13.1, < 1.13.1, < 1.13.1
github.com	openfga/openfga	0, 0, 0

Timeline

Mar 25, 2026 CVE Published
Mar 26, 2026 CVE Updated
Mar 27, 2026 Coalition ESS Score
Mar 27, 2026 Security Advisory
Apr 14, 2026 PoC Published

References

Open in Interactive Console →