Incorrect Type Conversion or Cast

CVE-2026-46597

High

7.5/10

Summary

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs. This vulnerability affects versions prior to v0.52.0.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-704 - Incorrect Type Conversion or Cast

The software does not correctly convert an object, resource, or structure from one type to a different type.

References

Advisory
Issue

Advisory Timeline

Published May 22, 2026

Incorrect Type Conversion or Cast

CVE-2026-46597

Summary

CWE-704 - Incorrect Type Conversion or Cast

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS