AIKIDO-2026-10138

github.com/cedar-policy/cedar-go is vulnerable to Incorrect Authorization

Incorrect Authorization Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Feb 9, 2026

Medium Risk

This Affects:

Go: github.com/cedar-policy/cedar-go
0.3.2 - 1.4.0
Fixed in 1.4.1

TL;DR

Affected versions of this package contain a critical datetime parsing flaw in which UTC offsets are interpreted with inverted semantics, so parsed timestamps are shifted in the wrong direction. This can produce incorrect authorization decisions in time-based policies, especially with the newly supported RFC 110 expanded year format. An attacker could exploit this by crafting datetimes with specific positive or negative UTC offsets so that policy checks (e.g., expiry, validity windows, or access-after/before constraints) are evaluated incorrectly, potentially granting access earlier or for longer than intended, or bypassing temporal restrictions altogether.
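To make the impact concrete, the following is an added example written for this advisory; it is not cedar-go's own parser and does not use the cedar-go API. It models the flaw class described above in a constructed Cedar-style datetime parser (`ParseDatetime`, a hypothetical name) with a switch that applies the UTC offset with the correct sign or with the inverted sign, checks the correct path against Go's standard library as an oracle (`ReferenceUTC`), and shows how a simple expiry policy (`Decide`) flips from deny to permit when the offset sign is wrong. The sample timestamps are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"time"
)

// Cedar-style datetime literal: YYYY-MM-DDThh:mm:ss followed by "Z" or a +hhmm/-hhmm offset.
// Fractional seconds are omitted in this constructed example.
var datetimeRe = regexp.MustCompile(`^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(Z|[+-]\d{4})$`)

// ParseDatetime converts the literal to a UTC instant. With invertOffset=false it applies
// the offset correctly; with invertOffset=true it reproduces the flaw class the advisory
// describes (offset sign applied backwards) so the two results can be compared.
func ParseDatetime(s string, invertOffset bool) (time.Time, error) {
	m := datetimeRe.FindStringSubmatch(s)
	if m == nil {
		return time.Time{}, fmt.Errorf("malformed datetime %q", s)
	}
	var f [6]int // year, month, day, hour, minute, second
	for i := range f {
		n, err := strconv.Atoi(m[i+1])
		if err != nil {
			return time.Time{}, err
		}
		f[i] = n
	}
	// The wall-clock fields, read as if they were already UTC.
	wall := time.Date(f[0], time.Month(f[1]), f[2], f[3], f[4], f[5], 0, time.UTC)

	offset := 0 // seconds east of UTC
	if m[7] != "Z" {
		hh, _ := strconv.Atoi(m[7][1:3])
		mm, _ := strconv.Atoi(m[7][3:5])
		offset = hh*3600 + mm*60
		if m[7][0] == '-' {
			offset = -offset
		}
	}
	if invertOffset {
		offset = -offset // the bug: shifts the instant the wrong way
	}
	// A wall-clock reading at UTC+offset is the UTC instant (wall - offset):
	// 12:00+0500 is 07:00Z.
	return wall.Add(-time.Duration(offset) * time.Second), nil
}

// ReferenceUTC is the oracle: Go's standard library parsing the same literal.
// Comparing a parser against it is a quick check of offset handling.
func ReferenceUTC(s string) (time.Time, error) {
	t, err := time.Parse("2006-01-02T15:04:05Z0700", s)
	if err != nil {
		return time.Time{}, err
	}
	return t.UTC(), nil
}

// Decide models a time-bounded policy: permit only while now is before the expiry literal.
func Decide(now time.Time, expiry string, invertOffset bool) (string, error) {
	exp, err := ParseDatetime(expiry, invertOffset)
	if err != nil {
		return "deny", err
	}
	if now.Before(exp) {
		return "permit", nil
	}
	return "deny", nil
}

func main() {
	now := time.Date(2026, 2, 9, 10, 0, 0, 0, time.UTC)
	expiry := "2026-02-09T12:00:00+0500" // 07:00Z, already in the past at 10:00Z
	for _, inverted := range []bool{false, true} {
		d, _ := Decide(now, expiry, inverted)
		fmt.Printf("inverted offset=%v -> %s\n", inverted, d)
	}
	ref, _ := ReferenceUTC(expiry)
	got, _ := ParseDatetime(expiry, false)
	fmt.Println("matches stdlib oracle:", ref.Equal(got))
}
```

With the correct sign the expiry `12:00+0500` is 07:00Z and a request at 10:00Z is denied; with the sign inverted the same literal becomes 17:00Z and the request is permitted, which is the "access for longer than intended" outcome the advisory describes. The same comparison against `ReferenceUTC` can be run over a handful of positive, negative and `Z` literals to confirm that whatever parser is in use agrees with the standard library.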

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

github.com/cedar-policy/cedar-go is vulnerable to Incorrect Authorization in versions 0.3.2 - 1.4.0.

How to fix this

Upgrade the github.com/cedar-policy/cedar-go library to version 1.4.1 or later.