4 matches found
CVE-2026-45137
Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, an logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in progra...
CVE-2026-45137
Summary: CVE-2026-45137 affects Anchor (Solana programs) where Program validation fails due to using Pubkey::default() as a sentinel, causing System and () to be treated equivalently and allowing any executable program in place of the system program. Impact: potential arbitrary CPI or payment byp...
GHSA-C6RC-8JPP-2FGC Anchor: Program<'info, System> is not properly validated
Summary An logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in programs that invoke system program instructions. Details In the TryFrom implementation for Program, the id of T is compar...
PT-2026-40725
Name of the Vulnerable Software and Affected Versions anchor-lang versions prior to 1.0.2 Description A logic error in the account validation process allows programs to accept any executable program ID when the system program ID is required. This occurs because the validation path for Program use...