CVE-2026-40070
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquire_certificate persists certificate records to storage without verifying the certifier's signature over the certificate contents. In acquisition_protocol: 'direct', the caller supplies all certificate fields (including signature:) and the record is written to storage verbatim. In acquisition_protocol: 'issuance', the client POSTs to a certifier URL and writes whatever signature the response body contains, also without verification. An attacker who can reach either API (or who controls a certifier endpoint targeted by the issuance path) can forge identity certificates that subsequently appear authentic to list_certificates and prove_certificate.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| sgbett | bsv-ruby-sdk | >= 0.3.1, < 0.8.2 | affected |
| sgbett | bsv-sdk | >= 0.3.1, < 0.8.2 | affected |
| sgbett | bsv-wallet | >= 0.1.2, < 0.3.4 | affected |
Weaknesses
- CWE-347: CWE-347: Improper Verification of Cryptographic Signature
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
Additional References
References
- https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j
- https://github.com/sgbett/bsv-ruby-sdk/issues/305
- https://github.com/sgbett/bsv-ruby-sdk/pull/306
- https://github.com/sgbett/bsv-ruby-sdk/commit/4992e8a265fd914a7eeb0405c69d1ff0122a84cc
- https://brc.dev/52
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.