CVE-2026-55771
CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions pri
CVSS
8.8
Alto
EPSS
0.3%
p27
KEV
—
Exploit Today
8
0-100
Publicado: 13 jul 2026 · Última mod.: 14 jul 2026 · CWE-94 · CWE-697 · CWE-843
CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 4.9.0, the EntityIdentifier.equals() has inverted null/self branches which could lead to incorrect equality comparisons. The EntityIdentifier.equals() method has inverted logic for null and self-reference checks, returning true for null comparisons and false for self-comparisons. This does not affect Cedar authorization decisions (computed in Rust from JSON), but could affect integrators who perform their own equality checks on entity identifiers. This issue has been fixed in version 4.9.0.