CVE Catalog

CVE-2026-46690

MediumCVSS 5.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

The unbounded_spsc extension in versions 0.2.0 and prior contains a bug that leads to out-of-bounds reads and fake resource drops due to a race condition between sender and receiver.

Risk Assessment

Organizations may be exposed to unauthorized memory access, potentially leading to data leaks or system crashes.

Recommendation

It is recommended to monitor for updates and implement patches as they become available to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

unbounded_spsc is an "unbounded" extension of bounded_spsc_queue. In versions 0.2.0 and prior, sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race. At time of publication, there are no publicly available patches.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS