VYPR
Medium severity5.3NVD Advisory· Published May 14, 2026· Updated May 27, 2026

CVE-2026-45248

CVE-2026-45248

Description

Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain usernames, Hedera DIDs, parent registry DIDs, system roles, and policy role assignments for all registered users in the system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Hedera/Guardian2 versions
    cpe:2.3:a:hedera:guardian:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:hedera:guardian:*:*:*:*:*:*:*:*range: <=3.5.1
    • (no CPE)range: <=3.5.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.