CVE-2026-46668

UNKNOWN 0.0

SpiceDB: Caveat structures with nested lists can result in improper cache reuse

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0.

CWE	CWE-285
Vendor	authzed
Product	spicedb
Published	Jun 10, 2026

Stay Ahead of the Next One

Get instant alerts for authzed spicedb

Be the first to know when new unknown vulnerabilities affecting authzed spicedb are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

authzed / spicedb

>= 1.15.0, < 1.52.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/authzed/spicedb/security/advisories/GHSA-mqcf-gqvg-rmhm github.com: https://github.com/authzed/spicedb/pull/3065 github.com: https://github.com/authzed/spicedb/releases/tag/v1.52.0