CVE-2026-46690 MEDIUM

CVE-2026-46690: unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race

Vendor Spearman
Product unbounded-spsc
Weakness CWE-125
Published June 12, 2026
Last update June 12, 2026

CVSS base score

5.8/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

unbounded_spsc is an "unbounded" extension of bounded_spsc_queue. In versions 0.2.0 and prior, sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race. At time of publication, there are no publicly available patches.

Key dates

02Disclosure timeline

June 12, 2026 CVE published
June 12, 2026 Record updated