Skip to main content

Hedera Guardian CVE-2026-45248

| EUVD-2026-30494 MEDIUM
Missing Authentication for Critical Function (CWE-306)
2026-05-14 VulnCheck GHSA-5v4v-3g9q-mh5j
Authentication Bypass
6.9
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
CVSS changed
May 14, 2026 - 22:22 NVD
5.3 (MEDIUM) 6.9 (MEDIUM)
Source Code Evidence Fetched
May 14, 2026 - 22:15 vuln.today
Analysis Generated
May 14, 2026 - 22:15 vuln.today
CVE Published
May 14, 2026 - 21:36 nvd
MEDIUM 5.3

DescriptionNVD

Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain usernames, Hedera DIDs, parent registry DIDs, system roles, and policy role assignments for all registered users in the system.

AnalysisAI

Hedera Guardian through version 3.5.1 allows unauthenticated attackers to retrieve sensitive user information via the GET /api/v1/demo/registered-users endpoint, which lacks proper authentication controls. Attackers can access this endpoint without credentials to obtain usernames, Hedera DIDs, parent registry DIDs, system roles, and policy role assignments for all registered users. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-45248 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy