VULNRABLE / Vulnerability / CVE-2026-48096
CVE-2026-48096
MEDIUM github.com/openfga/openfga GHSA
CVSS Score
5.5
Severity
MEDIUM
EPSS
0%
Source
GHSA
Summary
OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning
What this means
CVE-2026-48096 is a medium-severity vulnerability affecting github.com/openfga/openfga, rated CVSS 5.5. The EPSS model estimates a 0% probability of exploitation in the next 30 days. Published June 12, 2026.
View full advisory at GHSA →