PatchSiren cyber security CVE debrief
CVE-2026-46690 spearman CVE debrief
CVE-2026-46690 is a vulnerability in the unbounded_spsc extension of bounded_spsc_queue, affecting versions 0.2.0 and prior. The issue arises from the sender::send pointer-as-value transmute, which causes an out-of-bounds (OOB) read and fake-Arc drop under a TX/RX race condition. At the time of publication, there are no publicly available patches for this vulnerability.
- Vendor
- spearman
- Product
- unbounded-spsc
- CVSS
- MEDIUM 5.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Users of unbounded_spsc version 0.2.0 and prior should be aware of this vulnerability, as it could potentially lead to security issues.
Technical summary
The vulnerability has a CVSS score of 5.8 and is classified as MEDIUM severity. It is related to CWE-125, CWE-415, CWE-704, and CWE-787.
Defensive priority
MEDIUM
Recommended defensive actions
- Review the GitHub advisory for more information: [ref-4](https://github.com/spearman/unbounded-spsc/security/advisories/GHSA-6m57-8r3p-pqx6)
- Check the official CVE record: [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-46690)
- View the NVD detail page: [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-46690)
Evidence notes
The CVE was published on 2026-06-12T16:16:29.197Z and modified on 2026-06-12T17:16:23.640Z.
Official resources
-
CVE-2026-46690 CVE record
CVE.org
-
CVE-2026-46690 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-46690 was published on 2026-06-12T16:16:29.197Z.