LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panic in github.com/authzed/spicedb

GO-2026-4465 · GHSA-vhvq-fv9f-wh4q

Published Feb 17, 2026 · Modified Feb 19, 2026

Description

LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panic in github.com/authzed/spicedb.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: .

Ready to move

Free, no credit card | First findings in minutes