CVE-2026-40070
Description
BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquire_certificate persists certificate records to storage without verifying the certifier's signature over the certificate contents. In acquisition_protocol: 'direct', the caller supplies all certificate fields (including signature:) and the record is written to storage verbatim. In acquisition_protocol: 'issuance', the client POSTs to a certifier URL and writes whatever signature the response body contains, also without verification. An attacker who can reach either API (or who controls a certifier endpoint targeted by the issuance path) can forge identity certificates that subsequently appear authentic to list_certificates and prove_certificate.
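As an added illustration of the flaw described above (not code from bsv-ruby-sdk; the method names, certificate layout and the prime256v1 curve are assumptions), the persist-verbatim pattern beside a version that checks the certifier's signature against a trusted key before writing the record:

```ruby
require 'openssl'
require 'json'
# Hypothetical model of the flaw, not bsv-sdk code. Curve and field layout are assumptions
# (BSV itself uses secp256k1; prime256v1 is used here so the example runs on any OpenSSL build).
CURVE = 'prime256v1'

# Canonical bytes the certifier signs: every certificate field except the signature itself.
def certificate_digest(cert)
  fields = cert.reject { |k, _| k == :signature }.sort.to_h
  OpenSSL::Digest::SHA256.digest(JSON.generate(fields))
end

def certifier_sign(cert, certifier_key)
  certifier_key.dsa_sign_asn1(certificate_digest(cert)).unpack1('H*')
end

def valid_certifier_signature?(cert, certifier_pub)
  certifier_pub.dsa_verify_asn1(certificate_digest(cert), [cert[:signature].to_s].pack('H*'))
rescue OpenSSL::PKey::PKeyError
  false
end

# Vulnerable pattern: the record (and whatever signature it carries) is written verbatim.
def acquire_certificate_unverified(storage, cert)
  storage << cert
  true
end

# Hardened pattern: the certifier's key comes from trusted configuration, not from the
# untrusted record, and the record is persisted only if its signature verifies.
def acquire_certificate_verified(storage, cert, trusted_certifiers)
  pub = trusted_certifiers[cert[:certifier]]
  return false unless pub && valid_certifier_signature?(cert, pub)
  storage << cert
  true
end

# Constructed scenario: one genuine certificate and one with altered fields but a reused signature.
def demo
  certifier = OpenSSL::PKey::EC.generate(CURVE)
  trusted = { 'certifier-1' => OpenSSL::PKey::EC.new(certifier.public_to_der) }
  base = { type: 'identity', subject: 'subject-key-constructed', certifier: 'certifier-1', fields: { name: 'Alice' } }
  genuine = base.merge(signature: certifier_sign(base, certifier))
  forged  = genuine.merge(fields: { name: 'Mallory' })
  unverified, verified = [], []
  [genuine, forged].each do |c|
    acquire_certificate_unverified(unverified, c)
    acquire_certificate_verified(verified, c, trusted)
  end
  [unverified.size, verified.size] # => [2, 1]
end
```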
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| bsv-sdk (RubyGems) | >= 0.3.1, < 0.8.2 | 0.8.2 |
| bsv-wallet (RubyGems) | >= 0.1.2, < 0.3.4 | 0.3.4 |
Affected products
- ghsa-coords, 2 version ranges (no CPE):
  - >= 0.3.1, < 0.8.2
  - >= 0.1.2, < 0.3.4
References
- github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j (nvd: Exploit, Patch, Vendor Advisory)
- github.com/advisories/GHSA-hc36-c89j-5f4j (ghsa: Advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-40070 (ghsa: Advisory)
- brc.dev/52 (nvd: Not Applicable)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/bsv-sdk/CVE-2026-40070.yml (ghsa)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/bsv-wallet/CVE-2026-40070.yml (ghsa)
- github.com/sgbett/bsv-ruby-sdk/commit/4992e8a265fd914a7eeb0405c69d1ff0122a84cc (nvd: Release Notes)
- github.com/sgbett/bsv-ruby-sdk/issues/305 (nvd: Issue Tracking)
- github.com/sgbett/bsv-ruby-sdk/pull/306 (nvd: Issue Tracking)