SpiceDB: Checks involving relations with caveats can result in unconditional permission when conditional permission is expected

Impact Under concurrency, CheckPermission and CheckBulkPermissions can return PERMISSIONSHIPHASPERMISSION for a resource, permission, subject whose correct answer is PERMISSIONSHIPCONDITIONALPERMISSION. You are impacted if all of the following hold: 1. Your schema has a permission combining...

PT-2026-42696

Name of the Vulnerable Software and Affected Versions SpiceDB versions 1.15.0 through 1.51.x Description Caveat structures containing nested lists can lead to improper cache reuse. This occurs when the system processes these structures using the 'CheckBulkPermissions' endpoint or the...