Home / Vulnerability Intelligence / CVE-2026-39911

CVE-2026-39911 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: April 9, 2026

Hashgraph Guardian - Remote Code Execution & Privilege Escalation

Published: April 9, 2026Updated: April 9, 2026Remote Exploitable

Overview

Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker, letting authenticated Standard Registry users execute arbitrary code and access sensitive data, exploit requires authentication.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 12.0%(Probability of exploitation in next 30 days)

Impact

Authenticated users can execute arbitrary code, read sensitive files, and forge authentication tokens, leading to full system compromise.

Mitigation

Update to a version later than 3.5.0 or the latest available version.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 12, 2026

🟠 CVE-2026-39911 - High (8.8) Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaSc... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39911/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-39911
Severity: High
CVSS Score: 8.8
Type: undefined
Status: new
EPSS: 12.0%
Social Posts: 1

CWE

CWE-668

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

12.0%Probability of exploitation in the next 30 days