Transaction Trust Issue in BSV Ruby SDK by BSV
CVE-2026-40069

7.5 HIGH

Key Information:

Vendor: Sgbett
CVE Published: 9 April 2026

What is CVE-2026-40069?

The BSV Ruby SDK, used for transactions on the BSV blockchain, has a validation flaw in its ARC network module: it mishandles responses that indicate a transaction failure. Specifically, certain 'txStatus' values, including INVALID, MALFORMED, and ORPHAN, are treated as successful broadcasts. Applications that depend on confirmed broadcasts can therefore be misled into accepting transactions that the network has rejected. The issue affects versions up to 0.8.1 and is fixed starting from version 0.8.2.
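One way a caller can fail closed on the response handling described above, as an added example (not the SDK's code or its 0.8.2 fix). The method name, result struct, `txid` field, 2xx check and sample status strings are assumptions of this example; only `txStatus` and the three rejected values come from the advisory.

```ruby
require 'json'

# Failure statuses named in the advisory. It says "including", so treat this
# list as a minimum and extend it from your ARC endpoint's documentation.
REJECTED_TX_STATUSES = %w[INVALID MALFORMED ORPHAN].freeze

# Hypothetical result type for this example (not an SDK class).
BroadcastResult = Struct.new(:ok, :txid, :tx_status, :reason)

# Interpret one broadcast response, failing closed on anything unexpected.
# http_status: Integer HTTP code; body: raw response body (String or nil).
# Assumes a JSON object with 'txStatus' and a 64-hex-character 'txid'.
def interpret_arc_response(http_status, body)
  data = JSON.parse(body.to_s)
  return BroadcastResult.new(false, nil, nil, 'body is not a JSON object') unless data.is_a?(Hash)

  txid = data['txid']
  status = data['txStatus'].to_s.strip.upcase
  # Substring match (this example's choice) so a status that merely contains
  # a rejected keyword is refused as well.
  rejected = REJECTED_TX_STATUSES.any? { |s| status.include?(s) }

  reason =
    if !(200..299).cover?(http_status) then "HTTP #{http_status}"
    elsif status.empty? then 'missing txStatus'
    elsif rejected then "network rejected transaction (#{status})"
    elsif !txid.is_a?(String) || txid !~ /\A\h{64}\z/ then 'missing or malformed txid'
    end
  BroadcastResult.new(reason.nil?, txid, status, reason)
rescue JSON::ParserError
  BroadcastResult.new(false, nil, nil, 'unparseable response body')
end

# Constructed sample responses (not captured from a real ARC endpoint).
# 'SEEN_ON_NETWORK' and 'SEEN_IN_ORPHAN_MEMPOOL' are assumed status strings.
SAMPLE_TXID = 'ab' * 32
SAMPLES = {
  accepted:  [200, { txid: SAMPLE_TXID, txStatus: 'SEEN_ON_NETWORK' }.to_json],
  invalid:   [200, { txid: SAMPLE_TXID, txStatus: 'INVALID' }.to_json],
  malformed: [200, { txid: SAMPLE_TXID, txStatus: 'MALFORMED' }.to_json],
  orphan:    [200, { txid: SAMPLE_TXID, txStatus: 'SEEN_IN_ORPHAN_MEMPOOL' }.to_json],
  empty:     [200, '']
}.freeze

SAMPLES.each do |name, (code, body)|
  r = interpret_arc_response(code, body)
  puts format('%-10s ok=%-5s %s', name, r.ok, r.reason || r.tx_status)
end
```

Application code should record a payment or release goods only when the result's `ok` is true, and log `reason` otherwise.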

Affected Version(s)

bsv-ruby-sdk >= 0.1.0, < 0.8.2

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
