HIGH
kanidm
CVE published 2026-06-10
CVE-2026-46689
CVE-2026-46689 is a high-severity vulnerability in the Kanidm identity management platform. Prior to version 1.9.3, a single unauthenticated GET request to any /scim/v1/... endpoint with a ?filter= query string containing a few thousand nested parentheses (≈ 4–12 KB) can cause a stack overflow, leading to the termination of the kanidmd process. This issue is patched in version 1.9.3.
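For triage on instances that have not yet reached 1.9.3, the request shape described above can be searched for in reverse-proxy access logs. The following is an added example, not code from the advisory or from the Kanidm project: it assumes combined-format access log lines, and the depth threshold of 32, the `/scim/v1/Example` path suffix and all sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

MAX_DEPTH = 32  # assumed alert threshold; tune to the filters your clients really send
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def max_paren_depth(text):
    """Deepest '(' nesting in text; parentheses inside double-quoted values are ignored."""
    depth = deepest = 0
    in_quotes = escaped = False
    for ch in text:
        if in_quotes:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_quotes = False
        elif ch == '"':
            in_quotes = True
        elif ch == "(":
            depth += 1  # unclosed openers count too: the input need not be balanced
            deepest = max(deepest, depth)
        elif ch == ")" and depth:
            depth -= 1
    return deepest

def flag_scim_requests(lines, max_depth=MAX_DEPTH):
    """Return (client, path, depth, filter_length) for each over-nested SCIM filter."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        url = urlsplit(match.group("target")) if match else None
        if url is None or not url.path.startswith("/scim/v1/"):
            continue
        for value in parse_qs(url.query).get("filter", []):  # values are percent-decoded
            depth = max_paren_depth(value)
            if depth > max_depth:
                hits.append((line.split()[0], url.path, depth, len(value)))
    return hits

# Constructed sample lines (addresses, paths, timestamps and status codes are made up).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jun/2026:10:00:01 +0000] "GET /scim/v1/Example?filter='
    + "%28" * 200 + "a%20pr" + "%29" * 200 + ' HTTP/1.1" 502 0',
    '198.51.100.4 - - [10/Jun/2026:10:00:02 +0000] "GET /scim/v1/Example?filter='
    '(name%20eq%20%22a((b%22) HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Jun/2026:10:00:03 +0000] "GET /ui/login HTTP/1.1" 200 1024',
]
```

`flag_scim_requests(SAMPLE_LOG)` reports only the first line; correlating its hits with kanidmd restarts at the same timestamps separates probing from successful crashes.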