CVE-2026-41131

medium Red Hat
CVSS v3 Base Score
5.0
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.0%
Exploitation probability in 30 days
Top 85% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Confidentiality
Low
Integrity
Low
Availability
Low
Published: April 21, 2026 (79 days ago)
Last Modified: April 21, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in OpenFGA, an authorization and permission engine. When certain authorization models use conditions with caching enabled, the system can incorrectly generate the same cache key for different requests. This error causes OpenFGA to reuse an outdated authorization decision, potentially leading to incorrect access controls. Such a flaw could allow an attacker to gain unauthorized access to information, perform unauthorized actions, or disrupt service availability.

CWE

CWE-639

Affected Products

Multicluster Global HubRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Ceph Storage 6Red Hat Ceph Storage 9

References