CVE-2026-46689

216.73.216.233

· Published 10/06/2026 22:17 · Modified 11/06/2026 15:36

Labels: CVE-2026-46689 2026-06-10 CVE-2026-46689 CWE-248 [email protected]

Essential information

Published: 10/06/2026 22:17
Modified: 11/06/2026 15:36
Author: —
Creator: —
CVSS: 8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort() — the entire kanidmd process exits. The parse runs inside axum's Query<ScimEntryGetQuery> extractor, before any handler body and therefore before any ACL check. This issue has been patched in version 1.9.3.

NVD status

Status: Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
kanidm / kanidm	`cpe:2.3:a:kanidm:kanidm:<1.9.3:::::::*`