Vulnerability Description
BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLE_SPEND_ATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or any ORPHAN-containing extraInfo / txStatus are silently treated as successful broadcasts. Applications that gate actions on broadcaster success are tricked into trusting transactions that were never accepted by the network. This vulnerability is fixed in 0.8.2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sgbett | Bsv Ruby Sdk | >= 0.1.0, < 0.8.2 |
Related Weaknesses (CWE)
References
- https://github.com/sgbett/bsv-ruby-sdk/commit/4992e8a265fd914a7eeb0405c69d1ff012Patch
- https://github.com/sgbett/bsv-ruby-sdk/issues/305Issue Tracking
- https://github.com/sgbett/bsv-ruby-sdk/pull/306Issue Tracking
- https://github.com/sgbett/bsv-ruby-sdk/releases/tag/v0.8.2Release Notes
- https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-9hfr-gw99-8rhxPatchVendor Advisory
FAQ
What is CVE-2026-40069?
CVE-2026-40069 is a vulnerability with a CVSS score of 7.5 (HIGH). BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLE_SPEND_ATTEMPTED. ARC responses with txStatus ...
How severe is CVE-2026-40069?
CVE-2026-40069 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-40069?
Check the references section above for vendor advisories and patch information. Affected products include: Sgbett Bsv Ruby Sdk.