A cache isolation issue was found in Typesense, a fast, typo-tolerant search engine. This issue affects search requests that use both server-side search result caching and Scoped Search API Keys. Under specific request ordering, cached search results could be reused across requests with different Scoped Search API Key constraints. This could result in a request receiving search results that should have be [truncated]
CVE-2026-47216 is an unauthenticated denial-of-service vulnerability in the /multi_search endpoint of Typesense, a fast, typo-tolerant search engine. A specially crafted request can trigger an unhandled exception during request processing, causing the server process to terminate. This issue can be exploited over the network without authentication and results in service unavailability. The duration of impa [truncated]
