Hashgraph Guardian vulnerabilities
3 known vulnerabilities affecting hashgraph/guardian.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-39911P2HIGHCVSS 8.8≤ 3.5.12026-04-09
CVE-2026-39911 [HIGH] CWE-668 CVE-2026-39911: Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScrip
Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaScript expressions directly to the Node.js Function() constructor without isolatio
nvd
CVE-2026-45248P3MEDIUMCVSS 5.3≤ 3.5.12026-05-14
CVE-2026-45248 [MEDIUM] CWE-306 CVE-2026-45248: Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/dem
Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain usernames, Hedera DIDs, parent registry DIDs, system rol
nvd
CVE-2026-22674P4MEDIUMCVSS 4.8≤ 3.6.02026-06-18
CVE-2026-22674 [MEDIUM] CWE-79 CVE-2026-22674: Hashgraph Guardian through 3.6.0, fixed in commit ba8c566, contains a stored cross-site scripting vu
Hashgraph Guardian through 3.6.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARD_REGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attackers can exploit the unsanitized innerHTML assignment in
nvd