MEDIUM
hashgraph
CVE published 2026-06-18
CVE-2026-22674
CVE-2026-22674 details a stored cross-site scripting vulnerability in Hashgraph Guardian through version 3.6.0. The vulnerability allows authenticated users with the STANDARD_REGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attackers can exploit the unsanitized innerHTML assignment in the branding service to execute arbitrary [truncated]