PatchSiren

hashgraph CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM hashgraph CVE published 2026-06-18

CVE-2026-22674

CVE-2026-22674 details a stored cross-site scripting vulnerability in Hashgraph Guardian through version 3.6.0. The vulnerability allows authenticated users with the STANDARD_REGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attackers can exploit the unsanitized innerHTML assignment in the branding service to execute arbitrary [truncated]