Vulnerability Details CVE-2026-46690
unbounded_spsc is an "unbounded" extension of bounded_spsc_queue. In versions 0.2.0 and prior, sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race. At time of publication, there are no publicly available patches.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 2.5%
CVSS Severity
CVSS v3 Score 5.8
References
Products affected by CVE-2026-46690
-
cpe:2.3:a:spearman:unbounded-spsc:*