CVE-2026-47724: Stale Context Authz Check
greprules fetch cve-2026-47724-stale-context-authz-check --engine opengrep

Description
Authorization logic invokes a statically scoped package-level function instead of a stateful receiver method. This pattern often indicates a reliance on a stale state snapshot contained in the request context rather than querying a store or database for current privileges. It can permit suspended/demoted users to bypass access controls over the residual life
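
The pattern described above, as an added Go example (not code from the rule or from any affected project). Go is assumed from the terms "receiver method" and "package-level function", and every name in it (User, IsAdmin, Authorizer, RequireAdmin, Demo) is hypothetical. It places the flagged shape beside a store-backed check and runs both against a context captured before the user was demoted and suspended.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// All names here are hypothetical; they illustrate the pattern the rule describes.
type User struct {
	ID, Role  string
	Suspended bool
}

type ctxKey struct{}

var ErrDenied = errors.New("access denied")

// IsAdmin is the flagged shape: a package-level function trusting the context snapshot.
func IsAdmin(ctx context.Context) bool {
	u, ok := ctx.Value(ctxKey{}).(User)
	return ok && u.Role == "admin" && !u.Suspended
}

// Authorizer holds current privileges; the map stands in for a database.
type Authorizer struct{ users map[string]User }

// RequireAdmin is the hardened shape: a receiver method that re-reads current state.
func (a *Authorizer) RequireAdmin(ctx context.Context) error {
	snap, _ := ctx.Value(ctxKey{}).(User) // identity only; privileges come from the store
	cur, found := a.users[snap.ID]
	if !found || cur.Suspended || cur.Role != "admin" {
		return ErrDenied
	}
	return nil
}

// Demo demotes and suspends a user mid-session, then runs both checks on the old context.
func Demo() (stale bool, fresh error) {
	a := &Authorizer{users: map[string]User{"u1": {ID: "u1", Role: "admin"}}}
	ctx := context.WithValue(context.Background(), ctxKey{}, a.users["u1"]) // snapshot at login
	a.users["u1"] = User{ID: "u1", Role: "viewer", Suspended: true}
	return IsAdmin(ctx), a.RequireAdmin(ctx)
}

func main() {
	stale, fresh := Demo()
	fmt.Println("context snapshot allows admin:", stale, "| store-backed check:", fresh)
}
```

The snapshot-based check still returns true after the change, while the receiver method denies because it consults the store on every call.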