What is CVE-2026-39911?

CVE-2026-39911 is a high-severity vulnerability in Hashgraph Guardian, classified under Exposure of Resource to Wrong Sphere. CVSS score: 8.8/10. Published 2026-04-09.

How severe is CVE-2026-39911?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Hashgraph Guardian

CVE-2026-39911

Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary co…

EPSS: 0.001 (32.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Hashgraph Guardian — versions 0, 45fbe2f7e0e8feee30105d42d66ed63fb6177ebe
Hedera Guardian

Weakness classification (CWE)

CWE-668 — Exposure of Resource to Wrong Sphere

References

disclosure@vulncheck.com (issue-tracking, Issue Tracking, mitigation)
disclosure@vulncheck.com (patch)
disclosure@vulncheck.com (Third Party Advisory, third-party-advisory)

Frequently asked questions

What is CVE-2026-39911?: CVE-2026-39911 is a high-severity vulnerability in Hashgraph Guardian, classified under Exposure of Resource to Wrong Sphere. CVSS score: 8.8/10. Published 2026-04-09.
How severe is CVE-2026-39911?: High severity. CVSS v3 base score is 8.8 out of 10.