High severity 7.5 · NVD Advisory · Published Apr 9, 2026 · Updated Apr 30, 2026
CVE-2026-40069
Description
BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLE_SPEND_ATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or any ORPHAN-containing extraInfo / txStatus are silently treated as successful broadcasts. Applications that gate actions on broadcaster success are tricked into trusting transactions that were never accepted by the network. This vulnerability is fixed in 0.8.2.
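The gap described above, shown as an added example that is not the SDK's own code: a narrow status check beside a check covering every failure value the description lists. The method names, the sample bodies and the case-insensitive matching are assumptions of this example.

```ruby
require 'json'

# Failure statuses the description says affected versions recognised.
NARROW_FAILURES = %w[REJECTED DOUBLE_SPEND_ATTEMPTED].freeze
# The same set plus the txStatus values the description lists as missed.
FULL_FAILURES = (NARROW_FAILURES + %w[INVALID MALFORMED MINED_IN_STALE_BLOCK]).freeze

# Narrow check as the description characterises it (illustrative, not SDK code).
def narrow_failure?(body)
  NARROW_FAILURES.include?(body['txStatus'].to_s)
end

# Hardened check: full status list, plus ORPHAN anywhere in txStatus or extraInfo.
# Case-insensitive matching is an assumption of this example.
def broadcast_failure?(body)
  status = body['txStatus'].to_s.upcase
  extra  = body['extraInfo'].to_s.upcase
  FULL_FAILURES.include?(status) || status.include?('ORPHAN') || extra.include?('ORPHAN')
end

# Constructed sample ARC response bodies (not captured from a real endpoint).
SAMPLES = [
  '{"txStatus":"SEEN_ON_NETWORK","extraInfo":""}',
  '{"txStatus":"REJECTED","extraInfo":""}',
  '{"txStatus":"DOUBLE_SPEND_ATTEMPTED","extraInfo":""}',
  '{"txStatus":"INVALID","extraInfo":""}',
  '{"txStatus":"MALFORMED","extraInfo":""}',
  '{"txStatus":"MINED_IN_STALE_BLOCK","extraInfo":""}',
  '{"txStatus":"SEEN_IN_ORPHAN_MEMPOOL","extraInfo":""}',
  '{"txStatus":"RECEIVED","extraInfo":"ORPHAN parent not found"}'
].freeze

# Statuses the narrow check would report as a successful broadcast
# although the hardened check classifies them as failures.
def missed_by_narrow(raw_bodies)
  raw_bodies.map { |raw| JSON.parse(raw) }
            .select { |b| broadcast_failure?(b) && !narrow_failure?(b) }
            .map { |b| b['txStatus'] }
end

puts missed_by_narrow(SAMPLES).inspect if __FILE__ == $PROGRAM_NAME
```

Applications pinned to an affected version can apply a check of this kind to the raw ARC response before gating any action on broadcast success.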
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| bsv-sdk (RubyGems) | >= 0.1.0, < 0.8.2 | 0.8.2 |
References
- github.com/sgbett/bsv-ruby-sdk/commit/4992e8a265fd914a7eeb0405c69d1ff0122a84cc (nvd: Patch; WEB)
- github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-9hfr-gw99-8rhx (nvd: Patch, Vendor Advisory; WEB)
- github.com/advisories/GHSA-9hfr-gw99-8rhx (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-40069 (ghsa: ADVISORY)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/bsv-sdk/CVE-2026-40069.yml (ghsa: WEB)
- github.com/sgbett/bsv-ruby-sdk/issues/305 (nvd: Issue Tracking; WEB)
- github.com/sgbett/bsv-ruby-sdk/pull/306 (nvd: Issue Tracking; WEB)
- github.com/sgbett/bsv-ruby-sdk/releases/tag/v0.8.2 (nvd: Release Notes; WEB)