CVE-2026-46690
MEDIUMunbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race
Title source: cnaDescription
unbounded_spsc is an "unbounded" extension of bounded_spsc_queue. In versions 0.2.0 and prior, sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race. At time of publication, there are no publicly available patches.
References (1)
Core 1
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/spearman/unbounded-spsc/security/advisories/GHSA-6m57-8r3p-pqx6
Scores
CVSS v3
5.8
EPSS
0.0012
EPSS Percentile
2.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-125
CWE-415
CWE-704
CWE-787
Status
published
Products (2)
crates.io/unbounded-spsc
0 - 0.2.0crates.io
spearman/unbounded-spsc
<= 0.2.0
Published
Jun 12, 2026
Tracked Since
Jun 12, 2026