open-policy-agent — Vulnerabilities & Security Advisories 4

Browse all 4 CVE security advisories affecting open-policy-agent. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Open-policy-agent serves as a unified policy framework for cloud-native environments, enabling declarative policy as code across infrastructure and applications. Historically, it has faced vulnerabilities including remote code execution through unsafe policy evaluation, cross-site scripting in web interfaces, and privilege escalation via insecure default configurations. The project maintains a security-focused approach with regular audits, though past incidents like CVE-2022-2468 demonstrated risks in Rego parsing that allowed arbitrary code execution. Its design emphasizes policy consistency but requires careful implementation to prevent unintended access or execution risks, particularly in multi-tenant deployments where policy isolation is critical.

Top products by open-policy-agent: opa opa-envoy-plugin

CVEs 4

CVE ID	Title	CVSS	Severity	Published
CVE-2026-26205	opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path` — opa-envoy-pluginCWE-863	7.5^AI	High^AI	2026-02-19

This page lists every published CVE security advisory associated with open-policy-agent. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

open-policy-agent — Vulnerabilities & Security Advisories 4