CVE-2026-46668
LowCVSS 2.3Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0.
Risk Assessment
Improper cache reuse may lead to unauthorized access to application permissions, posing a serious security threat to the organization.
Recommendation
It is recommended to upgrade SpiceDB to version 1.52.0 or later to mitigate this vulnerability.
Original NVD description (English source)
SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0.

