13 matches found
CVE-2026-45137
Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, an logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in progra...
CVE-2026-45137
Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, an logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in progra...
CVE-2026-45137 Anchor: Program<'info, System> is not properly validated
Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, an logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in progra...
CVE-2026-45137
Summary: CVE-2026-45137 affects Anchor (Solana programs) where Program validation fails due to using Pubkey::default() as a sentinel, causing System and () to be treated equivalently and allowing any executable program in place of the system program. Impact: potential arbitrary CPI or payment byp...
CVE-2026-45137
Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, an logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in progra...
CVE-2026-45137 Anchor: Program<'info, System> is not properly validated
Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, an logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in progra...
EUVD-2026-32665
Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, an logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in progra...
GHSA-C6RC-8JPP-2FGC Anchor: Program<'info, System> is not properly validated
Summary An logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in programs that invoke system program instructions. Details In the TryFrom implementation for Program, the id of T is compar...
Anchor: Program<'info, System> is not properly validated
Summary An logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in programs that invoke system program instructions. Details In the TryFrom implementation for Program, the id of T is compar...
`Program<System>` accepts arbitrary executable programs
Affected versions of anchor-lang did not properly validate accounts declared as Program. The generic Program validation path used Pubkey::default as a sentinel to decide whether any executable program should be accepted. Since the system program id is also the default pubkey, Program was treated...
RUSTSEC-2026-0144 `Program<System>` accepts arbitrary executable programs
Affected versions of anchor-lang did not properly validate accounts declared as Program. The generic Program validation path used Pubkey::default as a sentinel to decide whether any executable program should be accepted. Since the system program id is also the default pubkey, Program was treated...
PT-2026-40725
Name of the Vulnerable Software and Affected Versions anchor-lang versions prior to 1.0.2 Description A logic error in the account validation process allows programs to accept any executable program ID when the system program ID is required. This occurs because the validation path for Program use...
Brave Desktop 1.71.118 Security Fixes
Added warning message when submitting transactions containing system program instructions as reported on HackerOne by topenga. Upgraded Chromium to 130.0.6723.70 — refer to Google Chrome advisories for inherited CVEs...