216.73.216.233

CVE-2026-47225

· Published 12/06/2026 20:16 · Modified 12/06/2026 18:16 · Author: The MITRE Corporation

Labels: CVE-2026-47225 2026-06-12CVE-2026-47225CWE-524[email protected]

Essential information

Published
12/06/2026 20:16
Modified
12/06/2026 18:16
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
6.0 MEDIUM (v3) 6.0 MEDIUM (v4.0)
CISA KEV
No
CWE
CWE-524
EPSS (First)
P15.0% ?EPSS percentile: rank of this vulnerability versus all others. Higher percentile = more likely to be exploited. Learn more (score 0.00047)
CVSS vector

CVSS metrics

Description

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both server-side search result caching and Scoped Search API Keys. Under specific request ordering, cached search results could be reused across requests with different Scoped Search API Key constraints. This could result in a request receiving search results that should have been restricted by its Scoped Search API Key. This issue only affects search requests that use both server-side search result caching and Scoped Search API Keys with embedded filters to restrict access to search results within a collection. This vulnerability may result in unintended disclosure of search results across scoped authorization contexts. This issue has been patched in versions 29.1 and 30.2.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
typesense / typesense cpe:2.3:a:typesense:typesense:<29.1:*:*:*:*:*:*:*
typesense / typesense cpe:2.3:a:typesense:typesense:<30.2:*:*:*:*:*:*:*

References