What is CVE-2026-48096?

CVE-2026-48096 is a medium-severity vulnerability, classified under Insufficient Verification of Data Authenticity. CVSS score: 5.0/10. Published 2026-06-10.

How severe is CVE-2026-48096?

Medium severity. CVSS v3 base score is 5.0 out of 10.

CVE-2026-48096

CVE-2026-48096

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result…

CVSS v3 metric

CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L.

Weakness classification (CWE)

CWE-345 — Insufficient Verification of Data Authenticity
CWE-668 — Exposure of Resource to Wrong Sphere

References

security-advisories@github.com
security-advisories@github.com

Frequently asked questions

What is CVE-2026-48096?: CVE-2026-48096 is a medium-severity vulnerability, classified under Insufficient Verification of Data Authenticity. CVSS score: 5.0/10. Published 2026-06-10.
How severe is CVE-2026-48096?: Medium severity. CVSS v3 base score is 5.0 out of 10.