theinfosecnews

CVE-2026-40069

Published April 9, 2026 · Updated April 10, 2026

CVSS 7.5 (High)

What This Means

CVE-2026-40069 is a high-severity vulnerability in versions 0.1.0 to 0.8.1 of the BSV Ruby SDK, specifically within the BSV::Network::ARC component. Its failure detection does not recognise certain txStatus values as failures, so applications mistakenly treat transactions that the network never accepted as successful broadcasts. Upgrade to version 0.8.2 or later to mitigate this risk and ensure proper transaction validation on the BSV blockchain.

Official Description

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLE_SPEND_ATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or any ORPHAN-containing extraInfo / txStatus are silently treated as successful broadcasts. Applications that gate actions on broadcaster success are tricked into trusting transactions that were never accepted by the network. This vulnerability is fixed in 0.8.2.
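The gap described above, as an added example (not code from the BSV Ruby SDK or from this advisory): a two-entry denylist next to a stricter application-side check, run over constructed ARC responses. The method names, the Hash shape with string keys "txStatus" and "extraInfo", the fail-closed handling of a missing status, and the sample statuses SEEN_ON_NETWORK and SEEN_IN_ORPHAN_MEMPOOL are assumptions.

```ruby
# Added example: application-side classification of an ARC broadcast response.
# Not the BSV Ruby SDK's code. Assumes the response body was parsed into a
# Hash with string keys "txStatus" and "extraInfo".

# The two statuses the affected versions recognised as failures (per the advisory).
LEGACY_FAILURES = %w[REJECTED DOUBLE_SPEND_ATTEMPTED].freeze

# Adds the statuses the advisory says were silently treated as success.
STRICT_FAILURES = (LEGACY_FAILURES + %w[INVALID MALFORMED MINED_IN_STALE_BLOCK]).freeze

# Mirrors the flawed logic the advisory describes: anything not on the
# short denylist counts as a successful broadcast.
def legacy_failed?(response)
  LEGACY_FAILURES.include?(response["txStatus"].to_s.upcase)
end

# Stricter check: the extended denylist applies, and ORPHAN anywhere in
# txStatus or extraInfo is a failure. Treating a missing status as a
# failure (fail closed) is this example's assumption.
def strict_failed?(response)
  status = response["txStatus"].to_s.strip.upcase
  extra  = response["extraInfo"].to_s.upcase
  return true if status.empty?
  return true if STRICT_FAILURES.include?(status)
  status.include?("ORPHAN") || extra.include?("ORPHAN")
end

# Constructed sample responses (not captured from a real ARC endpoint).
SAMPLES = [
  { "txStatus" => "REJECTED" },
  { "txStatus" => "INVALID" },
  { "txStatus" => "MALFORMED" },
  { "txStatus" => "MINED_IN_STALE_BLOCK" },
  { "txStatus" => "SEEN_IN_ORPHAN_MEMPOOL" },
  { "txStatus" => "SEEN_ON_NETWORK", "extraInfo" => "parent in orphan pool" },
  { "txStatus" => "SEEN_ON_NETWORK", "extraInfo" => "" },
  {}
].freeze

# Returns the samples the legacy check accepts but the strict check rejects.
def misclassified(samples = SAMPLES)
  samples.select { |r| !legacy_failed?(r) && strict_failed?(r) }
end

if __FILE__ == $PROGRAM_NAME
  misclassified.each { |r| puts "legacy check accepts: #{r.inspect}" }
end
```

A check like this can wrap broadcaster results in application code until the upgrade to 0.8.2 is deployed, and can be run over stored ARC responses to find transactions that were acted on despite a failure status.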

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. Monitor vendor advisories for updates and additional mitigations.
  4. Review logs for indicators of compromise related to CVE-2026-40069.
