CVE-2026-24851

Description

OpenFGA Improper Policy Enforcement in github.com/openfga/openfga

How to fix CVE-2026-24851

To remediate CVE-2026-24851, upgrade the affected package to a fixed version below.

• Go/github.com/openfga/openfga—upgrade to 1.11.3 or later
• Go/github.com/openfga/openfga—upgrade to 1.11.3 or later

Is CVE-2026-24851 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• >= 1.8.5, < 1.11.3
• >= 1.8.5, < 1.11.3

CVSS scores

References (5)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-24851
• PATCHgithub.com/openfga/openfga
• WEBgithub.com/openfga/openfga/commit/1bb5eddf4a3d2fc718aab7914b8f9a1200d2f7ee
• WEBgithub.com/openfga/openfga/releases/tag/v1.11.3