CVE-2026-40069
CVE-2026-40069 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLE_SPEND_ATTEMPTED. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLE_SPEND_ATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or any ORPHAN-containing extraInfo / txStatus are silently treated as successful broadcasts. Applications that gate actions on broadcaster success are tricked into trusting transactions that were never accepted by the network. This vulnerability is fixed in 0.8.2.
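An added example (not the SDK's code or its 0.8.2 fix) contrasting the deny-list failure check described above with an allow-list gate an application can apply to the ARC response itself. The helper names, the trusted-status set and the sample response bodies are assumptions constructed for illustration.

```ruby
require 'json'

# Deny-list check mirroring the behaviour the advisory describes for affected
# versions: only these two statuses count as failure.
# (Hypothetical helper, not the SDK's code.)
DENYLIST = %w[REJECTED DOUBLE_SPEND_ATTEMPTED].freeze

def denylist_success?(resp)
  !DENYLIST.include?(resp['txStatus'])
end

# Allow-list check: success only for statuses the application chose to trust.
# Assumption: this set is application policy; adjust it to your requirements.
TRUSTED = %w[ACCEPTED_BY_NETWORK SEEN_ON_NETWORK MINED].freeze

def allowlist_success?(resp)
  status = resp['txStatus'].to_s.strip.upcase
  extra  = resp['extraInfo'].to_s.upcase
  # Any ORPHAN marker in either field is a failure, whatever the status says.
  return false if status.include?('ORPHAN') || extra.include?('ORPHAN')

  TRUSTED.include?(status) # missing or unknown status fails closed
end

# Constructed sample ARC response bodies (not captured traffic).
SAMPLES = [
  '{"txid":"tx1","txStatus":"SEEN_ON_NETWORK","extraInfo":""}',
  '{"txid":"tx2","txStatus":"REJECTED","extraInfo":""}',
  '{"txid":"tx3","txStatus":"INVALID","extraInfo":""}',
  '{"txid":"tx4","txStatus":"MALFORMED","extraInfo":""}',
  '{"txid":"tx5","txStatus":"MINED_IN_STALE_BLOCK","extraInfo":""}',
  '{"txid":"tx6","txStatus":"SEEN_IN_ORPHAN_MEMPOOL","extraInfo":""}',
  '{"txid":"tx7","txStatus":"ACCEPTED_BY_NETWORK","extraInfo":"orphan: parent unknown"}',
  '{"txid":"tx8"}'
].freeze

# Returns the txids the deny-list check reports as broadcast successfully
# while the allow-list check rejects them: the false successes.
def false_successes(raw_bodies)
  raw_bodies.map { |body| JSON.parse(body) }
            .select { |r| denylist_success?(r) && !allowlist_success?(r) }
            .map { |r| r['txid'] }
end

puts false_successes(SAMPLES).inspect
```

Run against logged ARC responses, the same comparison shows which past broadcasts an application on an affected version may have wrongly treated as accepted.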
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sgbett | Bsv Ruby Sdk | >= 0.1.0, < 0.8.2 |
References
- https://github.com/sgbett/bsv-ruby-sdk/issues/305 (Issue Tracking)
- https://github.com/sgbett/bsv-ruby-sdk/pull/306 (Issue Tracking)
- https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-9hfr-gw99-8rhx (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
