CVE-2026-40069: CWE-754: Improper Check for Unusual or Exceptional Conditions in sgbett bsv-ruby-sdk
The BSV Ruby SDK versions from 0. 1. 0 up to but not including 0. 8. 2 contain a vulnerability in the failure detection logic of BSV::Network::ARC. This logic only recognizes certain failure statuses (REJECTED and DOUBLE_SPEND_ATTEMPTED) and incorrectly treats other failure statuses such as INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or ORPHAN-related statuses as successful broadcasts. As a result, applications relying on this SDK may mistakenly trust transactions that were never accepted by the network. This issue is fixed starting with version 0. 8. 2.
AI Analysis
Technical Summary
CVE-2026-40069 is a vulnerability in the sgbett bsv-ruby-sdk affecting versions >= 0.1.0 and < 0.8.2. The problem lies in the failure detection mechanism of BSV::Network::ARC, which only considers REJECTED and DOUBLE_SPEND_ATTEMPTED as failure states. Other failure states like INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or any ORPHAN-containing extraInfo or txStatus are incorrectly treated as successful broadcasts. This improper check (CWE-754) can cause applications to trust transactions that were never accepted by the BSV blockchain network. The vulnerability has a CVSS 3.1 score of 7.5 (high severity) with network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, no confidentiality impact, high integrity impact, and no availability impact. The issue is resolved in version 0.8.2 of the SDK.
Potential Impact
Applications using affected versions of the bsv-ruby-sdk may incorrectly assume that certain transactions have been successfully broadcast and accepted by the BSV network when in fact they have failed due to statuses not properly recognized as failures. This can lead to trusting invalid or malformed transactions, potentially causing integrity issues in systems relying on this SDK for blockchain transaction status verification.
Mitigation Recommendations
Upgrade to version 0.8.2 or later of the bsv-ruby-sdk, where this vulnerability is fixed. Since the vendor advisory indicates the issue is resolved in 0.8.2, applying this update is the recommended remediation. Patch status is confirmed by the version fix note in the description. No other mitigation steps are indicated.
CVE-2026-40069: CWE-754: Improper Check for Unusual or Exceptional Conditions in sgbett bsv-ruby-sdk
Description
The BSV Ruby SDK versions from 0. 1. 0 up to but not including 0. 8. 2 contain a vulnerability in the failure detection logic of BSV::Network::ARC. This logic only recognizes certain failure statuses (REJECTED and DOUBLE_SPEND_ATTEMPTED) and incorrectly treats other failure statuses such as INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or ORPHAN-related statuses as successful broadcasts. As a result, applications relying on this SDK may mistakenly trust transactions that were never accepted by the network. This issue is fixed starting with version 0. 8. 2.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-40069 is a vulnerability in the sgbett bsv-ruby-sdk affecting versions >= 0.1.0 and < 0.8.2. The problem lies in the failure detection mechanism of BSV::Network::ARC, which only considers REJECTED and DOUBLE_SPEND_ATTEMPTED as failure states. Other failure states like INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or any ORPHAN-containing extraInfo or txStatus are incorrectly treated as successful broadcasts. This improper check (CWE-754) can cause applications to trust transactions that were never accepted by the BSV blockchain network. The vulnerability has a CVSS 3.1 score of 7.5 (high severity) with network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, no confidentiality impact, high integrity impact, and no availability impact. The issue is resolved in version 0.8.2 of the SDK.
Potential Impact
Applications using affected versions of the bsv-ruby-sdk may incorrectly assume that certain transactions have been successfully broadcast and accepted by the BSV network when in fact they have failed due to statuses not properly recognized as failures. This can lead to trusting invalid or malformed transactions, potentially causing integrity issues in systems relying on this SDK for blockchain transaction status verification.
Mitigation Recommendations
Upgrade to version 0.8.2 or later of the bsv-ruby-sdk, where this vulnerability is fixed. Since the vendor advisory indicates the issue is resolved in 0.8.2, applying this update is the recommended remediation. Patch status is confirmed by the version fix note in the description. No other mitigation steps are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-09T00:39:12.204Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d7e6ff1cc7ad14dafe8dda
Added to database: 4/9/2026, 5:50:55 PM
Last enriched: 4/9/2026, 6:06:01 PM
Last updated: 4/9/2026, 7:15:14 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.