CVE Catalog

CVE-2026-46689

HighCVSS 8.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

13th percentile - higher than 13% of all known CVEs

Summary

Kanidm is an identity management platform that was vulnerable to stack overflow due to an unauthenticated GET request to the /scim/v1/... endpoint with a specific query string prior to version 1.9.3. This issue has been patched in version 1.9.3.

Risk Assessment

Stack overflow can lead to the complete termination of the kanidmd process, resulting in service unavailability. Additionally, an attacker may exploit this vulnerability to bypass access controls.

Recommendation

It is recommended to upgrade to version 1.9.3 or later to mitigate this vulnerability. Also, monitor logs for potential exploitation attempts.

Original NVD description (English source)

Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort() — the entire kanidmd process exits. The parse runs inside axum's Query<ScimEntryGetQuery> extractor, before any handler body and therefore before any ACL check. This issue has been patched in version 1.9.3.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS