Kanidm

1 CVE for this product

CVE-2026-46689 (Cargo ecosystem) | Severity: HIGH | Patch available

Unauthenticated remote denial of service in the Kanidm identity management server, versions prior to 1.9.3 (fixed in 1.9.3). Any network attacker who can reach the kanidmd HTTPS listener can crash the entire daemon with a single GET request to any /scim/v1/* endpoint whose ?filter= query string contains deeply nested parentheses. The filter is parsed by a recursive-descent PEG parser that recurses once per nesting level with no depth limit, so a sufficiently deep input exhausts the worker thread's 2 MiB stack; the Rust runtime then aborts the whole process (std::process::abort()), not just the offending request. No credentials are needed, and although no public exploit had been identified at the time of analysis, the root cause and technical details are fully disclosed in the upstream advisory, so the triggering input is trivial to construct. Upgrade to 1.9.3 or later; until then, restricting which clients can reach the /scim/v1/ paths (for example at a reverse proxy) reduces exposure.
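To make the failure mode concrete, here is an added example (not Kanidm's code, and not the grammar or fix from the upstream advisory): a toy recursive-descent parser for a SCIM-style filter with parenthesised grouping, `and`/`or`, and `attr op value` comparisons. `parse_filter` takes an optional `max_depth`; `None` reproduces the unbounded recursion described above (one frame pair per `(`), while `Some(n)` refuses the input once nesting exceeds `n`, before the stack can be exhausted. The grammar, the names `parse_filter`, `nested_filter`, `Parser`, and the depth limit are all assumptions made for the example.

```rust
// Added example, not Kanidm's parser. A minimal recursive-descent parser for a
// SCIM-like filter grammar:
//   expr := term (("and" | "or") term)*
//   term := "(" expr ")" | attr op value
// Every '(' recurses term -> expr -> term, so an unbounded parser spends stack
// proportional to the nesting depth of attacker-controlled input.

#[derive(Debug, PartialEq)]
pub enum Filter {
    Cmp { attr: String, op: String, value: String },
    And(Box<Filter>, Box<Filter>),
    Or(Box<Filter>, Box<Filter>),
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    /// Nesting exceeded the configured limit; returned before recursing further.
    TooDeep { max_depth: usize },
    /// Unexpected byte at this offset (or unexpected end of input).
    Unexpected(usize),
}

struct Parser<'a> {
    src: &'a [u8],
    pos: usize,
    depth: usize,
    /// `None` = no limit (the vulnerable shape); `Some(n)` = allow n nested parens.
    max_depth: Option<usize>,
}

impl<'a> Parser<'a> {
    fn skip_ws(&mut self) {
        while self.pos < self.src.len() && self.src[self.pos].is_ascii_whitespace() {
            self.pos += 1;
        }
    }

    /// End offset of the alphanumeric run starting at `pos` (no consumption).
    fn word_end(&self) -> usize {
        let mut end = self.pos;
        while end < self.src.len()
            && (self.src[end].is_ascii_alphanumeric() || self.src[end] == b'.' || self.src[end] == b'_')
        {
            end += 1;
        }
        end
    }

    fn peek_word(&self) -> &'a str {
        std::str::from_utf8(&self.src[self.pos..self.word_end()]).unwrap_or("")
    }

    fn word(&mut self) -> Result<String, ParseError> {
        self.skip_ws();
        let end = self.word_end();
        if end == self.pos {
            return Err(ParseError::Unexpected(self.pos));
        }
        let w = String::from_utf8_lossy(&self.src[self.pos..end]).into_owned();
        self.pos = end;
        Ok(w)
    }

    fn expr(&mut self) -> Result<Filter, ParseError> {
        let mut left = self.term()?;
        loop {
            self.skip_ws();
            let kw = self.peek_word();
            if kw.eq_ignore_ascii_case("and") {
                self.pos += 3;
                let right = self.term()?;
                left = Filter::And(Box::new(left), Box::new(right));
            } else if kw.eq_ignore_ascii_case("or") {
                self.pos += 2;
                let right = self.term()?;
                left = Filter::Or(Box::new(left), Box::new(right));
            } else {
                return Ok(left);
            }
        }
    }

    fn term(&mut self) -> Result<Filter, ParseError> {
        self.skip_ws();
        if self.src.get(self.pos) == Some(&b'(') {
            // The recursion point. The check runs BEFORE recursing, so rejected
            // input never touches more stack than `max_depth` frames' worth.
            if let Some(max) = self.max_depth {
                if self.depth >= max {
                    return Err(ParseError::TooDeep { max_depth: max });
                }
            }
            self.depth += 1;
            self.pos += 1;
            let inner = self.expr()?;
            self.depth -= 1;
            self.skip_ws();
            if self.src.get(self.pos) != Some(&b')') {
                return Err(ParseError::Unexpected(self.pos));
            }
            self.pos += 1;
            Ok(inner)
        } else {
            let attr = self.word()?;
            let op = self.word()?;
            self.skip_ws();
            let value = if self.src.get(self.pos) == Some(&b'"') {
                self.pos += 1;
                let start = self.pos;
                while self.pos < self.src.len() && self.src[self.pos] != b'"' {
                    self.pos += 1;
                }
                if self.pos >= self.src.len() {
                    return Err(ParseError::Unexpected(self.pos));
                }
                let v = String::from_utf8_lossy(&self.src[start..self.pos]).into_owned();
                self.pos += 1;
                v
            } else {
                self.word()?
            };
            Ok(Filter::Cmp { attr, op, value })
        }
    }
}

/// Parse a filter string. `max_depth = None` is the unbounded, vulnerable mode.
pub fn parse_filter(src: &str, max_depth: Option<usize>) -> Result<Filter, ParseError> {
    let mut p = Parser { src: src.as_bytes(), pos: 0, depth: 0, max_depth };
    let f = p.expr()?;
    p.skip_ws();
    if p.pos != p.src.len() {
        return Err(ParseError::Unexpected(p.pos));
    }
    Ok(f)
}

/// Constructed hostile value for `?filter=`: `n` parens around a trivial comparison.
pub fn nested_filter(n: usize) -> String {
    format!("{}userName eq \"a\"{}", "(".repeat(n), ")".repeat(n))
}

fn main() {
    println!("{:?}", parse_filter("userName eq \"alice\" and (active eq true or emails co \"x\")", Some(32)));
    // Bounded mode rejects a 100k-deep filter after 32 frames: Err(TooDeep { max_depth: 32 }).
    println!("{:?}", parse_filter(&nested_filter(100_000), Some(32)));
    // parse_filter(&nested_filter(100_000), None) would recurse ~200k frames and
    // overflow the thread stack, aborting the whole process as described above.
}
```

The depth counter is the fix that matters for the parser itself; a request-size or query-string length limit at the reverse proxy is a useful belt-and-braces control but is not a substitute, since even a few thousand bytes of `(` can be enough on a 2 MiB thread stack depending on frame size.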

Weakness: uncontrolled recursion leading to stack exhaustion (site tag: Buffer Overflow)
References: NVD, GitHub
CVSS 4.0: 8.7 (HIGH)
EPSS: 0.0%
Status: patch available

