CVE Catalog

CVE-2026-46668

LowCVSS 2.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile — higher than 9% of all known CVEs

Summary

SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0.

Risk Assessment

Improper cache reuse may lead to unauthorized access to application permissions, posing a serious security threat to the organization.

Recommendation

It is recommended to upgrade SpiceDB to version 1.52.0 or later to mitigate this vulnerability.

Original NVD description (English source)

SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS