Stored Cross-Site Scripting Vulnerability in Hashgraph Guardian by Hashgraph
CVE-2026-22674
4.8 MEDIUM
What is CVE-2026-22674?
Hashgraph Guardian versions up to 3.5.0 contain a stored cross-site scripting vulnerability that an authenticated user with the STANDARD_REGISTRY role can exploit. By submitting a specially crafted 'companyName' value via the branding configuration API, an attacker can inject script that runs as arbitrary JavaScript in the browsers of all authenticated users upon page load. The root cause is that the value is written to innerHTML without sanitization; users should apply the recommended updates and patches.
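The pattern the description refers to, as an added example that is not Guardian's own code: a stored 'companyName' assigned to innerHTML beside a hardened rendering path, with server-side validation and output encoding for the value. The function names, the 100-character limit and the sample value are assumptions made for illustration.

```javascript
// Added example, not Guardian code: names, limit and sample are assumptions.
const MAX_COMPANY_NAME = 100; // assumed length limit

// Constructed sample: a display name carrying markup.
const SAMPLE_NAME = 'Acme <i title="x">Ltd</i>';

// Server side: validate the value before the branding API stores it.
function validateCompanyName(value) {
  if (typeof value !== 'string') return { ok: false, reason: 'not a string' };
  const name = value.normalize('NFC').trim();
  if (name.length === 0 || name.length > MAX_COMPANY_NAME) {
    return { ok: false, reason: 'bad length' };
  }
  // Angle brackets and control characters are not needed in a display name.
  if (/[\u0000-\u001f\u007f<>]/.test(name)) {
    return { ok: false, reason: 'forbidden character' };
  }
  return { ok: true, value: name };
}

// For code that must build an HTML string: encode the significant characters.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: the stored value is parsed as markup on every page load.
function renderCompanyNameUnsafe(element, companyName) {
  element.innerHTML = companyName;
}

// Hardened pattern: textContent inserts the value as text, never as markup.
function renderCompanyName(element, companyName) {
  element.textContent = companyName;
}

// Stand-alone run: show how each defence treats the constructed sample.
console.log(validateCompanyName(SAMPLE_NAME));
console.log(escapeHtml(SAMPLE_NAME));
```

Validation at the API and text-only rendering in the client are independent layers; either one alone stops the stored value from being parsed as markup, and keeping both covers values stored before the validation was introduced.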
Affected Version(s)
guardian 0 <= 3.6.0
guardian ba8c566807848cf84360716438056d8d8d2c8362
