PatchSiren cyber security CVE debrief
CVE-2026-46689 kanidm CVE debrief
CVE-2026-46689 is a high-severity vulnerability in the Kanidm identity management platform. Prior to version 1.9.3, a single unauthenticated GET request to any /scim/v1/... endpoint with a ?filter= query string containing a few thousand nested parentheses (≈ 4–12 KB) can cause a stack overflow, leading to the termination of the kanidmd process. This issue is patched in version 1.9.3.
- Vendor: kanidm
- Product: Unknown
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-11
Who should care
Administrators and operators of Kanidm deployments should treat this as urgent and update to version 1.9.3 or later; because the trigger is an unauthenticated GET request, any instance whose /scim/v1/... endpoints are network-reachable is exposed.
Technical summary
The vulnerability exists in the recursive-descent PEG parser that Kanidm uses for SCIM filter expressions. Each nested parenthesis in the ?filter= query string adds a recursion level with no depth bound, so an unauthenticated GET request carrying a few thousand nested parentheses drives the parser past the available stack, causing a stack overflow that terminates the kanidmd process (a denial of service, not code execution).
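As an added illustration (not Kanidm's code), the following Rust parser for a toy SCIM-style filter shows the defensive pattern that prevents this class of crash: an explicit nesting-depth limit checked before each recursive call, so deeply nested input returns an error instead of exhausting the stack. The grammar, MAX_DEPTH value and error type are assumptions for the example.

```rust
// Added illustration, not Kanidm's code: a recursive-descent parser for a toy
// SCIM-style filter with an explicit nesting-depth limit, so deep parentheses
// yield an error instead of exhausting the stack. MAX_DEPTH is an assumed value.
const MAX_DEPTH: usize = 64; // assumption: a policy choice, not Kanidm's setting
#[derive(Debug, PartialEq)]
pub struct Compare { pub attr: String, pub op: String, pub value: String }
#[derive(Debug, PartialEq)]
pub enum ParseError { DepthExceeded(usize), Unexpected(usize) }
struct Parser<'a> { src: &'a [u8], pos: usize }
impl<'a> Parser<'a> {
    fn skip_ws(&mut self) {
        while self.src.get(self.pos) == Some(&b' ') { self.pos += 1; }
    }
    // word := run of bytes other than space or parentheses
    fn word(&mut self) -> Result<String, ParseError> {
        self.skip_ws();
        let start = self.pos;
        while self.pos < self.src.len() && !b" ()".contains(&self.src[self.pos]) {
            self.pos += 1;
        }
        if start == self.pos { return Err(ParseError::Unexpected(start)); }
        Ok(String::from_utf8_lossy(&self.src[start..self.pos]).into_owned())
    }

    // expr := '(' expr ')' | attr op value
    // Every '(' recurses one level; the guard runs before the recursive call,
    // so input can never push the parser more than MAX_DEPTH frames deep.
    fn expr(&mut self, depth: usize) -> Result<Compare, ParseError> {
        if depth > MAX_DEPTH { return Err(ParseError::DepthExceeded(depth)); }
        self.skip_ws();
        if self.src.get(self.pos) == Some(&b'(') {
            self.pos += 1;
            let inner = self.expr(depth + 1)?;
            self.skip_ws();
            if self.src.get(self.pos) != Some(&b')') { return Err(ParseError::Unexpected(self.pos)); }
            self.pos += 1;
            return Ok(inner);
        }
        let (attr, op, value) = (self.word()?, self.word()?, self.word()?);
        Ok(Compare { attr, op, value })
    }
}
/// Parses a whole filter string; trailing input is rejected.
pub fn parse_filter(input: &str) -> Result<Compare, ParseError> {
    let mut p = Parser { src: input.as_bytes(), pos: 0 };
    let f = p.expr(0)?;
    p.skip_ws();
    if p.pos == p.src.len() { Ok(f) } else { Err(ParseError::Unexpected(p.pos)) }
}
```

With the guard in place, a filter wrapped in thousands of parentheses is rejected at depth 65 while the stack stays shallow; without it, the same recursion would run one frame per parenthesis until the thread aborted.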
Defensive priority
High
Recommended defensive actions
- Update Kanidm to version 1.9.3 or later.
- Restrict access to /scim/v1/... endpoints to authenticated users only.
Evidence notes
CVE-2026-46689 carries a CVSS score of 8.7 (HIGH). The root cause is unbounded recursion in the recursive-descent PEG parser used by Kanidm for SCIM filters, which a sufficiently nested ?filter= value turns into a stack overflow.
Official resources
CVE-2026-46689 was published on 2026-06-10T22:17:00.443Z and modified on 2026-06-11T15:36:29.197Z.