CVE-2026-40091

MEDIUM

2026-04-14 https://github.com/authzed/spicedb

GHSA-jf4f-rr2c-9m58

Information Disclosure

6.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Apr 15, 2026 - 01:12 vuln.today

DescriptionNVD

Impact

When SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside DatastoreConfig.URI.

Patches

v1.51.1

Workarounds

Change the log level to warn or error.

AnalysisAI

SpiceDB information disclosure vulnerability in startup logging allows high-privileged local attackers to obtain plaintext database passwords. When SpiceDB initializes at info log level, the startup configuration log message exposes the complete datastore DSN string containing unmasked credentials in the DatastoreConfig.URI field. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-40091 vulnerability details – vuln.today

Back

CVE-2026-40091

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Impact

Patches

Workarounds

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code