Medium severity5.3NVD Advisory· Published May 14, 2026· Updated May 27, 2026
CVE-2026-45248
CVE-2026-45248
Description
Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain usernames, Hedera DIDs, parent registry DIDs, system roles, and policy role assignments for all registered users in the system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
2- github.com/hashgraph/guardian/pull/6076nvdIssue TrackingPatch
- www.vulncheck.com/advisories/hedera-guardian-authentication-bypass-information-disclosurenvdThird Party Advisory
News mentions
0No linked articles in our index yet.