VYPR

Guardian

by Hedera

Source repositories

CVEs (2)

  • CVE-2026-39911HigApr 9, 2026
    risk 0.50cvss 8.8epss 0.01

    Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaScript…

  • CVE-2026-45248MedMay 14, 2026
    risk 0.34cvss 5.3epss 0.00

    Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication…