CVE-2026-41131
mediumCVSS v3 Base Score
5.0
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.0%
Exploitation probability in 30 days
Top 85% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Confidentiality
Low
Integrity
Low
Availability
Low
Published: April 21, 2026 (79 days ago)
Last Modified: April 21, 2026
Vendor: Red Hat
Source: REDHAT
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in OpenFGA, an authorization and permission engine. When certain authorization models use conditions with caching enabled, the system can incorrectly generate the same cache key for different requests. This error causes OpenFGA to reuse an outdated authorization decision, potentially leading to incorrect access controls. Such a flaw could allow an attacker to gain unauthorized access to information, perform unauthorized actions, or disrupt service availability.
CWE
CWE-639Affected Products
Multicluster Global HubRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Ceph Storage 6Red Hat Ceph Storage 9