CVE-2026-46668

Source
https://cve.org/CVERecord?id=CVE-2026-46668
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46668.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-46668
Aliases
Published
2026-06-10T20:11:44.193Z
Modified
2026-07-08T08:13:38.259663810Z
Severity
  • 2.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
SpiceDB: Caveat structures with nested lists can result in improper cache reuse
Details

SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-285"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46668.json"
}
References

Affected packages

Git / github.com/authzed/spicedb

Affected ranges

Type
GIT
Repo
https://github.com/authzed/spicedb
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "1.15.0"
        },
        {
            "fixed": "1.52.0"
        },
        {
            "introduced": "0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "DESCRIPTION",
        "REFERENCES"
    ]
}

Affected versions

v1.*
v1.15.0
v1.16.0
v1.16.1
v1.16.2
v1.17.0
v1.18.1
v1.19.0
v1.21.0
v1.21.0-rc1
v1.22.0
v1.22.0-rc1
v1.22.0-rc2
v1.22.0-rc4
v1.22.0-rc5
v1.22.0-rc6
v1.22.0-rc7
v1.22.0-rc8
v1.22.1
v1.22.1-rc1
v1.22.2
v1.23.0
v1.23.0-rc1
v1.23.0-rc2
v1.23.0-rc3
v1.23.0-rc4
v1.23.1
v1.23.1-rc1
v1.24.0
v1.24.0-rc1
v1.24.0-rc2
v1.24.0-rc3
v1.25.0
v1.25.0-rc1
v1.25.0-rc2
v1.25.0-rc3
v1.25.0-rc4
v1.26.0
v1.26.0-rc1
v1.26.0-rc2
v1.27.0
v1.27.0-rc1
v1.27.1-rc1
v1.28.0
v1.28.0-rc1
v1.29.0
v1.29.1
v1.29.1-rc1
v1.30.0
v1.31.0
v1.32.0
v1.33.0
v1.34.0
v1.35.0
v1.35.1
v1.35.2
v1.35.3
v1.37.0
v1.38.0
v1.39.0
v1.40.0
v1.40.1
v1.41.0
v1.42.0
v1.42.1
v1.43.0
v1.44.0
v1.44.3
v1.44.4
v1.45.0
v1.45.1
v1.45.2
v1.45.3
v1.45.4
v1.46.0
v1.46.1
v1.46.2
v1.47.0
v1.47.1
v1.48.0
v1.49.0
v1.49.1
v1.49.2
v1.50.0
v1.51.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46668.json"