CVE-2026-40070

Source
https://cve.org/CVERecord?id=CVE-2026-40070
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40070.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-40070
Aliases
Published
2026-04-09T17:26:51.495Z
Modified
2026-07-08T08:13:23.587021537Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)
Details

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquirecertificate persists certificate records to storage without verifying the certifier's signature over the certificate contents. In acquisitionprotocol: 'direct', the caller supplies all certificate fields (including signature:) and the record is written to storage verbatim. In acquisitionprotocol: 'issuance', the client POSTs to a certifier URL and writes whatever signature the response body contains, also without verification. An attacker who can reach either API (or who controls a certifier endpoint targeted by the issuance path) can forge identity certificates that subsequently appear authentic to listcertificates and prove_certificate.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40070.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-347"
    ]
}
References

Affected packages

Git / github.com/sgbett/bsv-ruby-sdk

Affected ranges

Type
GIT
Repo
https://github.com/sgbett/bsv-ruby-sdk
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": [
        "cpe:2.3:a:sgbett:bsv-wallet:*:*:*:*:*:ruby:*:*",
        "cpe:2.3:a:sgbett:bsv_ruby_sdk:*:*:*:*:*:ruby:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0.1.2"
        },
        {
            "fixed": "0.3.4"
        },
        {
            "introduced": "0.3.1"
        },
        {
            "fixed": "0.8.2"
        }
    ]
}

Affected versions

v0.*
v0.8.0
v0.8.1
wallet-v0.*
wallet-v0.3.1
wallet-v0.3.2
wallet-v0.3.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40070.json"