What is CVE-2026-45248?

CVE-2026-45248 is a medium-severity vulnerability in Hashgraph Guardian, classified under Missing Authentication for Critical Function. CVSS score: 5.3/10. Published 2026-05-14.

How severe is CVE-2026-45248?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Auth bypass in Hashgraph Guardian

CVE-2026-45248

Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint…

Vulnerability class: Broken Authentication

EPSS: 0.000 (7.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Hashgraph Guardian — versions 0
Hedera Guardian

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

disclosure@vulncheck.com (issue-tracking, Patch, Issue Tracking)
disclosure@vulncheck.com (Third Party Advisory, third-party-advisory)

Frequently asked questions

What is CVE-2026-45248?: CVE-2026-45248 is a medium-severity vulnerability in Hashgraph Guardian, classified under Missing Authentication for Critical Function. CVSS score: 5.3/10. Published 2026-05-14.
How severe is CVE-2026-45248?: Medium severity. CVSS v3 base score is 5.3 out of 10.