What is CVE-2026-45137?

CVE-2026-45137 is a high-severity vulnerability in Solana-foundation Anchor, classified under Improper Input Validation. CVSS score: 8.2/10. Published 2026-05-27.

How severe is CVE-2026-45137?

High severity. CVSS v3 base score is 8.2 out of 10.

Improper input validation in Solana-foundation Anchor

CVE-2026-45137

Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, an logic error causes anchor programs to accept any program id when requiring the system program id, causing false…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.000 (15.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N.

Affected products

Solana-foundation Anchor — versions >= 1.0.0, < 1.0.2

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-45137?: CVE-2026-45137 is a high-severity vulnerability in Solana-foundation Anchor, classified under Improper Input Validation. CVSS score: 8.2/10. Published 2026-05-27.
How severe is CVE-2026-45137?: High severity. CVSS v3 base score is 8.2 out of 10.