CVE-2026-46689
HighCVSS 8.7Exploitation Probability (EPSS)
Low risk13th percentile - higher than 13% of all known CVEs
Summary
Kanidm is an identity management platform that was vulnerable to stack overflow due to an unauthenticated GET request to the /scim/v1/... endpoint with a specific query string prior to version 1.9.3. This issue has been patched in version 1.9.3.
Risk Assessment
Stack overflow can lead to the complete termination of the kanidmd process, resulting in service unavailability. Additionally, an attacker may exploit this vulnerability to bypass access controls.
Recommendation
It is recommended to upgrade to version 1.9.3 or later to mitigate this vulnerability. Also, monitor logs for potential exploitation attempts.
Original NVD description (English source)
Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort() — the entire kanidmd process exits. The parse runs inside axum's Query<ScimEntryGetQuery> extractor, before any handler body and therefore before any ACL check. This issue has been patched in version 1.9.3.

