SpiceDB: Caveat structures with nested lists can result in improper...

2.3 / 10

LOW

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0.

Basic Information

ID CVE-2026-46668

Source GitHub_M

Published Jun 10, 2026 at 20:11

Affected Product

Vendor authzed

Product spicedb

Version >= 1.15.0, < 1.52.0

Affected Versions authzed spicedb >= 1.15.0, < 1.52.0

CWE Classification

CWE-285

References

{
    "lastseen": "",
    "description": "SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0.",
    "published": "2026-06-10T20:11:44.193Z",
    "modified": "2026-06-10T20:11:44.193Z",
    "type": "cve",
    "title": "SpiceDB: Caveat structures with nested lists can result in improper cache reuse",
    "source": "GitHub_M",
    "references": "https://github.com/authzed/spicedb/security/advisories/GHSA-mqcf-gqvg-rmhm\nhttps://github.com/authzed/spicedb/pull/3065\nhttps://github.com/authzed/spicedb/releases/tag/v1.52.0",
    "id": "CVE-2026-46668",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "authzed spicedb >= 1.15.0, < 1.52.0",
    "sourceHref": "",
    "cvss": {
        "score": 2.3,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "spicedb",
    "version": ">= 1.15.0, < 1.52.0",
    "vendor": "authzed",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

SpiceDB: Caveat structures with nested lists can result in improper cache reuse_CVE-2026-46668