{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T05:17:29.311","vulnerabilities":[{"cve":{"id":"CVE-2026-31866","sourceIdentifier":"security-advisories@github.com","published":"2026-03-11T18:16:25.460","lastModified":"2026-03-20T16:21:07.993","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"flagd is a feature flag daemon with a Unix philosophy. Prior to 0.14.2, flagd exposes OFREP (/ofrep/v1/evaluate/...) and gRPC (evaluation.v1, evaluation.v2) endpoints for feature flag evaluation. These endpoints are designed to be publicly accessible by client applications. The evaluation context included in request payloads is read into memory without any size restriction. An attacker can send a single HTTP request with an arbitrarily large body, causing flagd to allocate a corresponding amount of memory. This leads to immediate memory exhaustion and process termination (e.g., OOMKill in Kubernetes environments). flagd does not natively enforce authentication on its evaluation endpoints. While operators may deploy flagd behind an authenticating reverse proxy or similar infrastructure, the endpoints themselves impose no access control by default. This vulnerability is fixed in 0.14.2."},{"lang":"es","value":"flagd es un demonio de feature flags con una filosofía Unix. Antes de la versión 0.14.2, flagd expone puntos finales OFREP (/ofrep/v1/evaluate/...) y gRPC (evaluation.v1, evaluation.v2) para la evaluación de feature flags. Estos puntos finales están diseñados para ser accesibles públicamente por aplicaciones cliente. El contexto de evaluación incluido en las cargas útiles de las solicitudes se lee en la memoria sin ninguna restricción de tamaño. Un atacante puede enviar una única solicitud HTTP con un cuerpo arbitrariamente grande, haciendo que flagd asigne una cantidad de memoria correspondiente. Esto conduce a un agotamiento inmediato de la memoria y a la terminación del proceso (por ejemplo, OOMKill en entornos Kubernetes). flagd no aplica de forma nativa la autenticación en sus puntos finales de evaluación. Si bien los operadores pueden desplegar flagd detrás de un proxy inverso autenticador o infraestructura similar, los propios puntos finales no imponen ningún control de acceso por defecto. Esta vulnerabilidad está corregida en la versión 0.14.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openfeature:flagd:*:*:*:*:*:*:*:*","versionEndExcluding":"0.14.2","matchCriteriaId":"679B3F85-E0E4-4438-907F-AB82EEF05BD6"}]}]}],"references":[{"url":"https://github.com/open-feature/flagd/commit/25c5fd7e80c26eb2c00b20317b2456fe6f927ea3","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-feature/flagd/security/advisories/GHSA-rmrf-g9r3-73pm","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}