CVE-2026-46668

EPSS 0.28%
Veröffentlicht 10.06.2026 20:11:44
Zuletzt bearbeitet 11.06.2026 15:35:45
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

SpiceDB: Caveat structures with nested lists can result in improper cache reuse

SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerauthzed

≫

Produkt spicedb

Version >= 1.15.0, < 1.52.0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.192

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	2.3	0	0	CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/authzed/spicedb/security/advisories/GHSA-mqcf-gqvg-rmhm

https://github.com/authzed/spicedb/pull/3065

https://github.com/authzed/spicedb/releases/tag/v1.52.0

https://nvd.nist.gov/vuln/detail/CVE-2026-46668

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-46668

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-46668

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-46668