6 matches found
CVE-2026-45248
Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain...
CVE-2026-45248
Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain...
CVE-2026-45248
Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in GET /api/v1/demo/registered-users that allows unauthenticated attackers to retrieve usernames, Hedera DIDs, parent registry DIDs, system roles, and policy role assignments for all registered users. Exploitation detai...
CVE-2026-45248
Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain...
CVE-2026-45248 Hedera Guardian Authentication Bypass Information Disclosure
Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain...
PT-2026-41130
Name of the Vulnerable Software and Affected Versions Hedera Guardian versions prior to 3.5.2 Description An authentication bypass exists in the 'GET /api/v1/demo/registered-users' endpoint. This allows unauthenticated attackers to retrieve sensitive user information, including usernames, Hedera...