CVE-2026-46668
SpiceDB is an open source database system for creating and managing security-critical application permissions
Published: 2026-06-10 · Last updated: 2026-06-10
Severity and scoring
- CWE
- CWE-285
Description
SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-47342 — A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue...
- CVE-2026-47298 — Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network (8.0 HIGH)
- CVE-2026-45503 — Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network (8.1 HIGH)
- CVE-2026-45490 — Improper authorization in .NET allows an authorized attacker to elevate privileges locally (7.8 HIGH)
- CVE-2026-42902 — Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally (7.8 HIGH)