Hedera Guardian Authentication Bypass Vulnerability in Registered Users Endpoint

Vulnerability

An authentication bypass vulnerability has been identified in Hedera Guardian versions up to and including 3.5.1. The GET /api/v1/demo/registered-users endpoint can be reached without authentication, so an unauthenticated attacker can read sensitive user information. Exploitation of this vulnerability allows retrieval of the usernames, Hedera DIDs, parent registry DIDs, system roles, and policy role assignments of all registered users in the system.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user information, including usernames, Hedera DIDs, parent registry DIDs, system roles, and policy role assignments for all registered users.

Remediation

Update to Hedera Guardian version 3.5.2 or later, where this vulnerability has been addressed.

Added: May 14, 2026, 10:19 PM
Updated: May 14, 2026, 10:19 PM

Vulnerability Rating (custom algorithm)

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 8.3
threat: 0.0