๐Ÿ” CVE Alert

CVE-2026-46689

Severity: UNKNOWN (0.0)

Kanidm: Unauthenticated process abort via SCIM filter stack exhaustion

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string consisting of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort(), so the entire kanidmd process exits. The parse runs inside axum's Query<ScimEntryGetQuery> extractor, before any handler body and therefore before any ACL check. This issue has been patched in version 1.9.3.
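The class of defect described above, a recursive-descent parser whose recursion depth is controlled by untrusted input, is usually mitigated by bounding nesting before (or inside) the parser rather than by raising the stack size. The following Rust is an added illustration of that mitigation; it is not Kanidm's code and not the fix shipped in 1.9.3. The function name check_filter_depth, the error type FilterRejection, and the limits MAX_FILTER_DEPTH and MAX_FILTER_LEN are assumptions chosen for the example. The scan runs in O(n) time with constant stack, so it can be applied to a raw query-string value before the real parser (and before any authentication logic) without itself becoming an exhaustion vector.

```rust
// Added example, not Kanidm's code: a pre-parse nesting-depth guard for a
// SCIM filter string. Run in front of a recursive-descent parser, it bounds
// the recursion any single request can trigger, so an oversized or
// over-nested filter is rejected with a client error instead of overflowing
// the worker thread's stack.

/// Assumed limits for the example; a real service would tune these.
pub const MAX_FILTER_DEPTH: usize = 32;
pub const MAX_FILTER_LEN: usize = 4096;

#[derive(Debug, PartialEq)]
pub enum FilterRejection {
    TooLong { len: usize, max: usize },
    TooDeep { depth: usize, max: usize },
    Unbalanced,
}

/// Returns the maximum parenthesis nesting depth of `filter`, or a rejection
/// if the filter is longer than `max_len`, nests deeper than `max_depth`, or
/// has unbalanced parentheses / an unterminated string literal.
///
/// Parentheses inside SCIM string literals (e.g. `displayName eq "a(b"`) are
/// grouping-irrelevant and are skipped, as are backslash-escaped characters
/// inside a literal.
pub fn check_filter_depth(
    filter: &str,
    max_depth: usize,
    max_len: usize,
) -> Result<usize, FilterRejection> {
    if filter.len() > max_len {
        return Err(FilterRejection::TooLong { len: filter.len(), max: max_len });
    }

    let mut depth = 0usize;
    let mut max_seen = 0usize;
    let mut in_string = false;
    let mut chars = filter.chars();

    while let Some(c) = chars.next() {
        match c {
            '"' => in_string = !in_string,
            // Skip the character following a backslash inside a literal.
            '\\' if in_string => {
                chars.next();
            }
            '(' if !in_string => {
                depth += 1;
                if depth > max_depth {
                    return Err(FilterRejection::TooDeep { depth, max: max_depth });
                }
                max_seen = max_seen.max(depth);
            }
            ')' if !in_string => {
                if depth == 0 {
                    return Err(FilterRejection::Unbalanced);
                }
                depth -= 1;
            }
            _ => {}
        }
    }

    if depth != 0 || in_string {
        return Err(FilterRejection::Unbalanced);
    }
    Ok(max_seen)
}

fn main() {
    // Constructed sample inputs: two ordinary filters and one built purely
    // from nested parentheses, the shape the advisory describes.
    let samples: Vec<(&str, String)> = vec![
        ("simple", "userName eq \"bjensen\"".to_string()),
        ("grouped", "(title pr) and ((emails co \"(\") or (nickName pr))".to_string()),
        ("over-nested", "(".repeat(4000)),
    ];
    for (label, filter) in &samples {
        match check_filter_depth(filter, MAX_FILTER_DEPTH, MAX_FILTER_LEN) {
            Ok(depth) => println!("{label}: accepted, max depth {depth}"),
            Err(e) => println!("{label}: rejected, {e:?}"),
        }
    }
}
```

In an axum-style service the natural place for such a check is a custom extractor or a middleware that validates the raw `filter` parameter and returns 400 before the typed `Query<...>` extractor ever invokes the grammar; the depth cap also doubles as a parser-internal limit if the grammar is changed to carry an explicit depth counter.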

CWE: CWE-248, CWE-400, CWE-674
Vendor: kanidm
Product: kanidm
Published: Jun 10, 2026

Affected Versions

kanidm / kanidm
< 1.9.3

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/kanidm/kanidm/security/advisories/GHSA-r5fr-9gmv-jggh
github.com: https://github.com/kanidm/kanidm/releases/tag/v1.9.3