CVE-2026-46690
MediumCVSS 5.8Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
The unbounded_spsc extension in versions 0.2.0 and prior contains a bug that leads to out-of-bounds reads and fake resource drops due to a race condition between sender and receiver.
Risk Assessment
Organizations may be exposed to unauthorized memory access, potentially leading to data leaks or system crashes.
Recommendation
It is recommended to monitor for updates and implement patches as they become available to mitigate the risks associated with this vulnerability.
Original NVD description (English source)
unbounded_spsc is an "unbounded" extension of bounded_spsc_queue. In versions 0.2.0 and prior, sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race. At time of publication, there are no publicly available patches.

