CyberRota
← Ana sayfaya dön

CVE-2026-46689

UNKNOWN · CVSS N/A EPSS %0.32 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-10T22:17:00.443 · Çekilme zamanı: 2026-06-30T12:16:48.608451+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

GitHub PoC Linkleri
github.com github.com

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-46689
Severity
UNKNOWN
CVSS
N/A
EPSS
%0.32

Orijinal NVD Açıklaması

Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort() — the entire kanidmd process exits. The parse runs inside axum's Query<ScimEntryGetQuery> extractor, before any handler body and therefore before any ACL check. This issue has been patched in version 1.9.3.