MEDIUM
openfga
CVE published 2026-06-10
CVE-2026-48096
CVE-2026-48096 is a medium-severity vulnerability in OpenFGA, an authorization/permission engine. The issue allows two distinct check requests to produce the same cache key when iterator caching is enabled, leading to OpenFGA reusing an earlier cached result for a subsequent request. This vulnerability has been patched in version 1.16.0.