CVE-2026-40069

EPSS 0.27%
Veröffentlicht 09.04.2026 18:17:03
Zuletzt bearbeitet 30.04.2026 14:01:51
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLE_SPEND_ATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or any ORPHAN-containing extraInfo / txStatus are silently treated as successful broadcasts. Applications that gate actions on broadcaster success are tricked into trusting transactions that were never accepted by the network. This vulnerability is fixed in 0.8.2.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sgbett ≫ Bsv Ruby Sdk SwPlatformruby Version >= 0.1.0 < 0.8.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.177

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://github.com/sgbett/bsv-ruby-sdk/commit/4992e8a265fd914a7eeb0405c69d1ff0122a84cc

Patch

https://github.com/sgbett/bsv-ruby-sdk/issues/305

Issue Tracking

https://github.com/sgbett/bsv-ruby-sdk/pull/306

Issue Tracking

https://github.com/sgbett/bsv-ruby-sdk/releases/tag/v0.8.2

Release Notes

https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-9hfr-gw99-8rhx

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-40069