Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

open-policy-agent — Vulnerabilities & Security Advisories 4

Browse all 4 CVE security advisories affecting open-policy-agent. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Open-policy-agent serves as a unified policy framework for cloud-native environments, enabling declarative policy as code across infrastructure and applications. Historically, it has faced vulnerabilities including remote code execution through unsafe policy evaluation, cross-site scripting in web interfaces, and privilege escalation via insecure default configurations. The project maintains a security-focused approach with regular audits, though past incidents like CVE-2022-2468 demonstrated risks in Rego parsing that allowed arbitrary code execution. Its design emphasizes policy consistency but requires careful implementation to prevent unintended access or execution risks, particularly in multi-tenant deployments where policy isolation is critical.

Top products by open-policy-agent: opa opa-envoy-plugin
CVE IDTitleCVSSSeverityPublished
CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path` — opa-envoy-pluginCWE-863 7.5AIHighAI2026-02-19
CVE-2025-46569 OPA server Data API HTTP path injection of Rego — opaCWE-863 5.4AIMediumAI2025-05-01
CVE-2022-36085 OPA Compiler: Bypass of WithUnsafeBuiltins using `with` keyword to mock functions — opaCWE-693 7.4 High2022-09-08
CVE-2022-23628 Array literal misordering in github.com/open-policy-agent/opa — opaCWE-682 6.3 Medium2022-02-09

This page lists every published CVE security advisory associated with open-policy-agent. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.