Skip to content

Go vulnerabilities #647

New issue
New issue
Open
Open
Go vulnerabilities#647
@atroianof

Description

@atroianof
atroianof
opened on Mar 16, 2026

Description

Hey the latest version of OpenFGA CLI is vulnerable two these three - can you please rebuild in Go 1.26.1 ?

CVE Severity Description Fixed In
CVE-2026-25679 HIGH url.Parse insufficiently validated host/authority component Go 1.25.8 / 1.26.1
CVE-2026-27137 HIGH Certificate chain verification issue with certain certificates Go 1.26.1
CVE-2026-27142 HIGH HTML meta tag content attribute URL injection Go 1.25.8 / 1.26.1

Thanks!

OpenFGA version

0.7.10

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    SDKs and Tooling

    Status

    Intake

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions