CVE-2026-55773 is a high-severity vulnerability in CedarJava, an open-source Java implementation of the Cedar policy language. The vulnerability allows for cedar-expression injection via unescaped toCedarExpr(). This issue arises from the toCedarExpr() method on Cedar Value types not escaping special characters (such as quotes or backslashes) when converting values to Cedar source code. If an integrator u [truncated]
CedarJava, an open-source Java implementation of the Cedar policy language used for fine-grained authorization decisions, has a vulnerability in versions prior to 4.9.0. The EntityIdentifier.equals() method has inverted logic for null and self-reference checks, potentially leading to incorrect equality comparisons. This issue does not affect Cedar authorization decisions but may impact integrators perform [truncated]
CedarJava, an open-source Java implementation of the Cedar policy language, is vulnerable to a Record-to-Entity type confusion attack. In versions prior to 2.3.6, 3.4.1, and 4.9.0, improper input handling could allow an attacker to cause the Rust cedar-policy evaluator to interpret a record as an entity reference. This requires the integrating service to build a CedarMap where an actor controls the keys, [truncated]