Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-55689

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated service by the same identity provider to authenticate to OpenFGA. This issue is fixed in 1.18.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 22.0%
CVSS Severity
CVSS v3 Score 6.8
Products affected by CVE-2026-55689


Contact Us

Shodan ® - All rights reserved