CVE-2026-40070 (GCVE-0-2026-40070)

Vulnerability from cvelistv5 – Published: 2026-04-09 17:26 – Updated: 2026-04-13 15:38

Title

bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)

Summary

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquire_certificate persists certificate records to storage without verifying the certifier's signature over the certificate contents. In acquisition_protocol: 'direct', the caller supplies all certificate fields (including signature:) and the record is written to storage verbatim. In acquisition_protocol: 'issuance', the client POSTs to a certifier URL and writes whatever signature the response body contains, also without verification. An attacker who can reach either API (or who controls a certifier endpoint targeted by the issuance path) can forge identity certificates that subsequently appear authentic to list_certificates and prove_certificate.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-347 - Improper Verification of Cryptographic Signature

Assigner

GitHub_M

References

URL

Tags

	https://github.com/sgbett/bsv-ruby-sdk/security/a…	x_refsource_CONFIRM
	https://github.com/sgbett/bsv-ruby-sdk/issues/305	x_refsource_MISC
	https://github.com/sgbett/bsv-ruby-sdk/pull/306	x_refsource_MISC
	https://github.com/sgbett/bsv-ruby-sdk/commit/499…	x_refsource_MISC
	https://brc.dev/52	x_refsource_MISC

Impacted products

Vendor

Product

Version

sgbett

bsv-ruby-sdk

Affected: >= 0.3.1, < 0.8.2

	sgbett	bsv-sdk	Affected: >= 0.3.1, < 0.8.2
	sgbett	bsv-wallet	Affected: >= 0.1.2, < 0.3.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40070",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-13T15:29:59.716749Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-13T15:38:58.154Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "bsv-ruby-sdk",
          "vendor": "sgbett",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.3.1, \u003c 0.8.2"
            }
          ]
        },
        {
          "product": "bsv-sdk",
          "vendor": "sgbett",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.3.1, \u003c 0.8.2"
            }
          ]
        },
        {
          "product": "bsv-wallet",
          "vendor": "sgbett",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.1.2, \u003c 0.3.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquire_certificate persists certificate records to storage without verifying the certifier\u0027s signature over the certificate contents. In acquisition_protocol: \u0027direct\u0027, the caller supplies all certificate fields (including signature:) and the record is written to storage verbatim. In acquisition_protocol: \u0027issuance\u0027, the client POSTs to a certifier URL and writes whatever signature the response body contains, also without verification. An attacker who can reach either API (or who controls a certifier endpoint targeted by the issuance path) can forge identity certificates that subsequently appear authentic to list_certificates and prove_certificate."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-09T17:26:51.495Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j"
        },
        {
          "name": "https://github.com/sgbett/bsv-ruby-sdk/issues/305",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sgbett/bsv-ruby-sdk/issues/305"
        },
        {
          "name": "https://github.com/sgbett/bsv-ruby-sdk/pull/306",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sgbett/bsv-ruby-sdk/pull/306"
        },
        {
          "name": "https://github.com/sgbett/bsv-ruby-sdk/commit/4992e8a265fd914a7eeb0405c69d1ff0122a84cc",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sgbett/bsv-ruby-sdk/commit/4992e8a265fd914a7eeb0405c69d1ff0122a84cc"
        },
        {
          "name": "https://brc.dev/52",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://brc.dev/52"
        }
      ],
      "source": {
        "advisory": "GHSA-hc36-c89j-5f4j",
        "discovery": "UNKNOWN"
      },
      "title": "bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-40070",
    "datePublished": "2026-04-09T17:26:51.495Z",
    "dateReserved": "2026-04-09T00:39:12.204Z",
    "dateUpdated": "2026-04-13T15:38:58.154Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-40070",
      "date": "2026-04-25",
      "epss": "0.0001",
      "percentile": "0.01128"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-40070\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-09T18:17:03.203\",\"lastModified\":\"2026-04-24T17:03:39.437\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquire_certificate persists certificate records to storage without verifying the certifier\u0027s signature over the certificate contents. In acquisition_protocol: \u0027direct\u0027, the caller supplies all certificate fields (including signature:) and the record is written to storage verbatim. In acquisition_protocol: \u0027issuance\u0027, the client POSTs to a certifier URL and writes whatever signature the response body contains, also without verification. An attacker who can reach either API (or who controls a certifier endpoint targeted by the issuance path) can forge identity certificates that subsequently appear authentic to list_certificates and prove_certificate.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sgbett:bsv-wallet:*:*:*:*:*:ruby:*:*\",\"versionStartIncluding\":\"0.1.2\",\"versionEndExcluding\":\"0.3.4\",\"matchCriteriaId\":\"64FDA9B4-4B7C-41B0-9736-991D19533DF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sgbett:bsv_ruby_sdk:*:*:*:*:*:ruby:*:*\",\"versionStartIncluding\":\"0.3.1\",\"versionEndExcluding\":\"0.8.2\",\"matchCriteriaId\":\"634CB7F0-563B-42FC-BCF4-3F222AA63921\"}]}]}],\"references\":[{\"url\":\"https://brc.dev/52\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/sgbett/bsv-ruby-sdk/commit/4992e8a265fd914a7eeb0405c69d1ff0122a84cc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/sgbett/bsv-ruby-sdk/issues/305\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/sgbett/bsv-ruby-sdk/pull/306\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-40070\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-13T15:29:59.716749Z\"}}}], \"references\": [{\"url\": \"https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-13T15:28:18.351Z\"}}], \"cna\": {\"title\": \"bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)\", \"source\": {\"advisory\": \"GHSA-hc36-c89j-5f4j\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"sgbett\", \"product\": \"bsv-ruby-sdk\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 0.3.1, \u003c 0.8.2\"}]}, {\"vendor\": \"sgbett\", \"product\": \"bsv-sdk\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 0.3.1, \u003c 0.8.2\"}]}, {\"vendor\": \"sgbett\", \"product\": \"bsv-wallet\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 0.1.2, \u003c 0.3.4\"}]}], \"references\": [{\"url\": \"https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j\", \"name\": \"https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/sgbett/bsv-ruby-sdk/issues/305\", \"name\": \"https://github.com/sgbett/bsv-ruby-sdk/issues/305\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/sgbett/bsv-ruby-sdk/pull/306\", \"name\": \"https://github.com/sgbett/bsv-ruby-sdk/pull/306\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/sgbett/bsv-ruby-sdk/commit/4992e8a265fd914a7eeb0405c69d1ff0122a84cc\", \"name\": \"https://github.com/sgbett/bsv-ruby-sdk/commit/4992e8a265fd914a7eeb0405c69d1ff0122a84cc\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://brc.dev/52\", \"name\": \"https://brc.dev/52\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquire_certificate persists certificate records to storage without verifying the certifier\u0027s signature over the certificate contents. In acquisition_protocol: \u0027direct\u0027, the caller supplies all certificate fields (including signature:) and the record is written to storage verbatim. In acquisition_protocol: \u0027issuance\u0027, the client POSTs to a certifier URL and writes whatever signature the response body contains, also without verification. An attacker who can reach either API (or who controls a certifier endpoint targeted by the issuance path) can forge identity certificates that subsequently appear authentic to list_certificates and prove_certificate.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-347\", \"description\": \"CWE-347: Improper Verification of Cryptographic Signature\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-04-09T17:26:51.495Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-40070\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-13T15:38:58.154Z\", \"dateReserved\": \"2026-04-09T00:39:12.204Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-04-09T17:26:51.495Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-40070

Vulnerability from fkie_nvd - Published: 2026-04-09 18:17 - Updated: 2026-04-24 17:03

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://brc.dev/52	Not Applicable
security-advisories@github.com	https://github.com/sgbett/bsv-ruby-sdk/commit/4992e8a265fd914a7eeb0405c69d1ff0122a84cc	Release Notes
security-advisories@github.com	https://github.com/sgbett/bsv-ruby-sdk/issues/305	Issue Tracking
security-advisories@github.com	https://github.com/sgbett/bsv-ruby-sdk/pull/306	Issue Tracking
security-advisories@github.com	https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j	Exploit, Patch, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j	Exploit, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	sgbett	bsv-wallet	*
	sgbett	bsv_ruby_sdk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sgbett:bsv-wallet:*:*:*:*:*:ruby:*:*",
              "matchCriteriaId": "64FDA9B4-4B7C-41B0-9736-991D19533DF6",
              "versionEndExcluding": "0.3.4",
              "versionStartIncluding": "0.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sgbett:bsv_ruby_sdk:*:*:*:*:*:ruby:*:*",
              "matchCriteriaId": "634CB7F0-563B-42FC-BCF4-3F222AA63921",
              "versionEndExcluding": "0.8.2",
              "versionStartIncluding": "0.3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquire_certificate persists certificate records to storage without verifying the certifier\u0027s signature over the certificate contents. In acquisition_protocol: \u0027direct\u0027, the caller supplies all certificate fields (including signature:) and the record is written to storage verbatim. In acquisition_protocol: \u0027issuance\u0027, the client POSTs to a certifier URL and writes whatever signature the response body contains, also without verification. An attacker who can reach either API (or who controls a certifier endpoint targeted by the issuance path) can forge identity certificates that subsequently appear authentic to list_certificates and prove_certificate."
    }
  ],
  "id": "CVE-2026-40070",
  "lastModified": "2026-04-24T17:03:39.437",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-04-09T18:17:03.203",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://brc.dev/52"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/sgbett/bsv-ruby-sdk/commit/4992e8a265fd914a7eeb0405c69d1ff0122a84cc"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/sgbett/bsv-ruby-sdk/issues/305"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/sgbett/bsv-ruby-sdk/pull/306"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-HC36-C89J-5F4J

Vulnerability from github – Published: 2026-04-09 20:28 – Updated: 2026-04-09 20:28

Summary

bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)

Details

Unverified certifier signatures persisted by `acquire_certificate`

Affected packages

Both bsv-sdk and bsv-wallet are published from the sgbett/bsv-ruby-sdk repository. The vulnerable code lives in lib/bsv/wallet_interface/wallet_client.rb, which is physically shipped inside both gems (the bsv-wallet.gemspec files list bundles the entire lib/bsv/wallet_interface/ tree). Consumers of either gem are independently vulnerable; the two packages are versioned separately, so each has its own affected range.

Package	Affected	Patched
`bsv-sdk`	`>= 0.3.1, < 0.8.2`	`0.8.2`
`bsv-wallet`	`>= 0.1.2, < 0.3.4`	`0.3.4`

Summary

BSV::Wallet::WalletClient#acquire_certificate persists certificate records to storage without verifying the certifier's signature over the certificate contents. Both acquisition paths are affected:

acquisition_protocol: 'direct' — the caller supplies all certificate fields (including signature:) and the record is written to storage verbatim.
acquisition_protocol: 'issuance' — the client POSTs to a certifier URL and writes whatever signature the response body contains, also without verification.

An attacker who can reach either API (or who controls a certifier endpoint targeted by the issuance path) can forge identity certificates that subsequently appear authentic to list_certificates and prove_certificate.

Details

BRC-52 requires a certificate's signature field to be verified against the claimed certifier's public key over a canonical hashing of (type, subject, serialNumber, revocationOutpoint, fields) before the certificate is trusted. The reference TypeScript SDK enforces this in Certificate.verify().

Direct path

The Ruby implementation's acquire_via_direct path (lib/bsv/wallet_interface/wallet_client.rb) constructs the certificate record directly from caller-supplied fields:

def acquire_via_direct(args)
  {
    type: args[:type],
    subject: @key_deriver.identity_key,
    serial_number: args[:serial_number],
    certifier: args[:certifier],
    revocation_outpoint: args[:revocation_outpoint],
    signature: args[:signature],
    fields: args[:fields],
    keyring: args[:keyring_for_subject]
  }
end

The returned record is then written to the storage adapter by acquire_certificate. No verification of args[:signature] against args[:certifier]'s public key occurs at any point in this path.

Issuance path

acquire_via_issuance POSTs to a certifier-supplied URL and parses the response body into a certificate record, which is then written to storage without verifying the returned signature. A hostile or compromised certifier endpoint — or anyone able to redirect/MITM the plain HTTP request — can therefore return an arbitrary signature value for any subject and have it stored as authentic. This is the same class of bypass as the direct path; it was tracked separately as finding F8.16 in the compliance review and is closed by the same fix.

Downstream impact

Downstream reads via list_certificates and selective-disclosure via prove_certificate treat stored records as valid without re-verifying, so any forgery that slips past acquire_certificate is trusted permanently.

Impact

Any caller that can invoke acquire_certificate — via either acquisition protocol — can forge a certificate attributed to an arbitrary certifier identity key, containing arbitrary fields, and have it persisted as authentic. Applications and downstream gems that rely on the wallet's certificate store as a source of truth for identity attributes (e.g. KYC assertions, role claims, attestations) are subject to credential forgery.

This is a credential-forgery primitive, not merely a spec divergence from BRC-52.

CVSS rationale

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N → 8.1 (High)

AV:N — network-reachable in any wallet context that exposes acquire_certificate to callers.
AC:L — low attack complexity: pass arbitrary bytes as signature:.
PR:L — low privileges: any caller authorised to invoke acquire_certificate.
UI:N — no user interaction required.
C:H — forged credentials via prove_certificate can assert attributes about the subject.
I:H — the wallet's credential store is polluted with attacker-controlled data.
A:N — availability unaffected.

Proof of concept

client = BSV::Wallet::WalletClient.new(key, storage: BSV::Wallet::MemoryStore.new)

client.acquire_certificate(
  type: 'age-over-18',
  acquisition_protocol: 'direct',
  certifier: claimed_trusted_pubkey_hex,
  serial_number: 'any-serial',
  revocation_outpoint: ('00' * 32) + '.0',
  signature: 'deadbeef' * 16,       # arbitrary bytes — never verified
  fields: { 'verified' => 'true' },
  keyring_for_subject: {}
)

client.list_certificates(
  certifiers: [claimed_trusted_pubkey_hex],
  types: ['age-over-18']
)
# => returns the forged record as if it were a real certificate from that certifier

Affected versions

The vulnerable direct-path code was introduced in commit d14dd19 ("feat(wallet): implement BRC-100 identity certificate methods (Phase 5)") on 2026-03-27 20:35 UTC. The vulnerable issuance-path code was added one day later in 6a4d898 ("feat(wallet): implement certificate issuance protocol", 2026-03-28 04:38 UTC), which removed an earlier raise UnsupportedActionError and replaced it with an unverified HTTP POST.

bsv-sdk: the v0.3.1 chore bump (89de3a2) was committed 28 minutes after d14dd19, so the direct-path bypass shipped in the v0.3.1 tag. The v0.3.1 release raised UnsupportedActionError for the issuance path, so the issuance-path bypass first shipped in v0.3.2 (5a335de). Every subsequent release up to and including v0.8.1 is affected by at least one path, and every release from v0.3.2 onwards is affected by both. Combined affected range: >= 0.3.1, < 0.8.2.

bsv-wallet: at the time both commits landed, the wallet gem was at version 0.1.1. The first wallet release containing any of the vulnerable code was v0.1.2 (5a335de, 2026-03-30), which shipped both paths simultaneously. Every subsequent release up to and including v0.3.3 is affected on both paths. Affected range: >= 0.1.2, < 0.3.4.

Patches

Upgrade to bsv-sdk >= 0.8.2 and/or bsv-wallet >= 0.3.4. Both releases ship the same fix: a new module BSV::Wallet::CertificateSignature (lib/bsv/wallet_interface/certificate_signature.rb), which builds the BRC-52 canonical preimage (type, serial_number, subject, certifier, revocation_outpoint, lexicographically-sorted fields) and verifies the certifier's signature against it via ProtoWallet#verify_signature with protocol ID [2, 'certificate signature'] and counterparty = the claimed certifier's public key. Both acquire_via_direct and acquire_via_issuance now call CertificateSignature.verify! before returning the certificate to acquire_certificate, so invalid certificates raise BSV::Wallet::CertificateSignature::InvalidError (a subclass of InvalidSignatureError) and are never written to storage.

Consumers should upgrade whichever gem they depend on directly; they do not need both. bsv-wallet 0.3.4 additionally tightens its dependency on bsv-sdk from the stale ~> 0.4 to >= 0.8.2, < 1.0, which forces the known-good pairing and pulls in the sibling advisory fixes (F1.3, F5.13) tracked separately.

The issuance-path fix also partially closes finding F8.16 from the same compliance review. F8.16's second aspect — switching the issuance transport from ad-hoc JSON POST to BRC-104 AuthFetch — is not addressed here and remains deferred to a future release.

Fixed in sgbett/bsv-ruby-sdk#306.

Workarounds

If upgrading is not immediately possible:

Do not expose acquire_certificate (either acquisition protocol) to untrusted callers.
Do not invoke acquire_certificate with acquisition_protocol: 'issuance' against a certifier URL you do not fully trust, and require TLS for any such request.
Treat any record returned by list_certificates / prove_certificate as unverified and perform an out-of-band BRC-52 verification against the certifier's public key before acting on it.

Credit

Identified during the 2026-04-08 cross-SDK compliance review, tracked as findings F8.15 (direct path) and F8.16 (issuance path, partial).

References

HLR: sgbett/bsv-ruby-sdk#305
Fix PR: sgbett/bsv-ruby-sdk#306
Compliance review: .architecture/reviews/20260408-cross-sdk-compliance-review.md
BRC-52 specification: https://brc.dev/52
TypeScript reference: Certificate.verify() in @bsv/sdk

Severity ?

8.1 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "bsv-sdk"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.3.1"
            },
            {
              "fixed": "0.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "bsv-wallet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.1.2"
            },
            {
              "fixed": "0.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-40070"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-09T20:28:10Z",
    "nvd_published_at": "2026-04-09T18:17:03Z",
    "severity": "HIGH"
  },
  "details": "# Unverified certifier signatures persisted by `acquire_certificate`\n\n## Affected packages\n\nBoth `bsv-sdk` and `bsv-wallet` are published from the [sgbett/bsv-ruby-sdk](https://github.com/sgbett/bsv-ruby-sdk) repository. The vulnerable code lives in `lib/bsv/wallet_interface/wallet_client.rb`, which is **physically shipped inside both gems** (the `bsv-wallet.gemspec` `files` list bundles the entire `lib/bsv/wallet_interface/` tree). Consumers of either gem are independently vulnerable; the two packages are versioned separately, so each has its own affected range.\n\n| Package | Affected | Patched |\n| --- | --- | --- |\n| `bsv-sdk` | `\u003e= 0.3.1, \u003c 0.8.2` | `0.8.2` |\n| `bsv-wallet` | `\u003e= 0.1.2, \u003c 0.3.4` | `0.3.4` |\n\n## Summary\n\n`BSV::Wallet::WalletClient#acquire_certificate` persists certificate records to storage **without verifying the certifier\u0027s signature** over the certificate contents. Both acquisition paths are affected:\n\n- `acquisition_protocol: \u0027direct\u0027` \u2014 the caller supplies all certificate fields (including `signature:`) and the record is written to storage verbatim.\n- `acquisition_protocol: \u0027issuance\u0027` \u2014 the client POSTs to a certifier URL and writes whatever signature the response body contains, also without verification.\n\nAn attacker who can reach either API (or who controls a certifier endpoint targeted by the issuance path) can forge identity certificates that subsequently appear authentic to `list_certificates` and `prove_certificate`.\n\n## Details\n\nBRC-52 requires a certificate\u0027s `signature` field to be verified against the claimed certifier\u0027s public key over a canonical hashing of `(type, subject, serialNumber, revocationOutpoint, fields)` before the certificate is trusted. The reference TypeScript SDK enforces this in `Certificate.verify()`.\n\n### Direct path\n\nThe Ruby implementation\u0027s `acquire_via_direct` path (`lib/bsv/wallet_interface/wallet_client.rb`) constructs the certificate record directly from caller-supplied fields:\n\n```ruby\ndef acquire_via_direct(args)\n  {\n    type: args[:type],\n    subject: @key_deriver.identity_key,\n    serial_number: args[:serial_number],\n    certifier: args[:certifier],\n    revocation_outpoint: args[:revocation_outpoint],\n    signature: args[:signature],\n    fields: args[:fields],\n    keyring: args[:keyring_for_subject]\n  }\nend\n```\n\nThe returned record is then written to the storage adapter by `acquire_certificate`. No verification of `args[:signature]` against `args[:certifier]`\u0027s public key occurs at any point in this path.\n\n### Issuance path\n\n`acquire_via_issuance` POSTs to a certifier-supplied URL and parses the response body into a certificate record, which is then written to storage without verifying the returned signature. A hostile or compromised certifier endpoint \u2014 or anyone able to redirect/MITM the plain HTTP request \u2014 can therefore return an arbitrary `signature` value for any subject and have it stored as authentic. This is the same class of bypass as the direct path; it was tracked separately as finding **F8.16** in the compliance review and is closed by the same fix.\n\n### Downstream impact\n\nDownstream reads via `list_certificates` and selective-disclosure via `prove_certificate` treat stored records as valid without re-verifying, so any forgery that slips past `acquire_certificate` is trusted permanently.\n\n## Impact\n\nAny caller that can invoke `acquire_certificate` \u2014 via either acquisition protocol \u2014 can forge a certificate attributed to an arbitrary certifier identity key, containing arbitrary fields, and have it persisted as authentic. Applications and downstream gems that rely on the wallet\u0027s certificate store as a source of truth for identity attributes (e.g. KYC assertions, role claims, attestations) are subject to credential forgery.\n\nThis is a credential-forgery primitive, not merely a spec divergence from BRC-52.\n\n## CVSS rationale\n\n`AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N` \u2192 **8.1 (High)**\n\n- **AV:N** \u2014 network-reachable in any wallet context that exposes `acquire_certificate` to callers.\n- **AC:L** \u2014 low attack complexity: pass arbitrary bytes as `signature:`.\n- **PR:L** \u2014 low privileges: any caller authorised to invoke `acquire_certificate`.\n- **UI:N** \u2014 no user interaction required.\n- **C:H** \u2014 forged credentials via `prove_certificate` can assert attributes about the subject.\n- **I:H** \u2014 the wallet\u0027s credential store is polluted with attacker-controlled data.\n- **A:N** \u2014 availability unaffected.\n\n## Proof of concept\n\n```ruby\nclient = BSV::Wallet::WalletClient.new(key, storage: BSV::Wallet::MemoryStore.new)\n\nclient.acquire_certificate(\n  type: \u0027age-over-18\u0027,\n  acquisition_protocol: \u0027direct\u0027,\n  certifier: claimed_trusted_pubkey_hex,\n  serial_number: \u0027any-serial\u0027,\n  revocation_outpoint: (\u002700\u0027 * 32) + \u0027.0\u0027,\n  signature: \u0027deadbeef\u0027 * 16,       # arbitrary bytes \u2014 never verified\n  fields: { \u0027verified\u0027 =\u003e \u0027true\u0027 },\n  keyring_for_subject: {}\n)\n\nclient.list_certificates(\n  certifiers: [claimed_trusted_pubkey_hex],\n  types: [\u0027age-over-18\u0027]\n)\n# =\u003e returns the forged record as if it were a real certificate from that certifier\n```\n\n## Affected versions\n\nThe vulnerable direct-path code was introduced in commit `d14dd19` (\"feat(wallet): implement BRC-100 identity certificate methods (Phase 5)\") on 2026-03-27 20:35 UTC. The vulnerable issuance-path code was added one day later in `6a4d898` (\"feat(wallet): implement certificate issuance protocol\", 2026-03-28 04:38 UTC), which removed an earlier `raise UnsupportedActionError` and replaced it with an unverified HTTP POST.\n\n**`bsv-sdk`:** the v0.3.1 chore bump (`89de3a2`) was committed 28 minutes after `d14dd19`, so the direct-path bypass shipped in the **v0.3.1** tag. The v0.3.1 release raised `UnsupportedActionError` for the issuance path, so the issuance-path bypass first shipped in **v0.3.2** (`5a335de`). Every subsequent release up to and including **v0.8.1** is affected by at least one path, and every release from v0.3.2 onwards is affected by both. Combined affected range: `\u003e= 0.3.1, \u003c 0.8.2`.\n\n**`bsv-wallet`:** at the time both commits landed, the wallet gem was at version 0.1.1. The first wallet release containing any of the vulnerable code was **v0.1.2** (`5a335de`, 2026-03-30), which shipped both paths simultaneously. Every subsequent release up to and including **v0.3.3** is affected on both paths. Affected range: `\u003e= 0.1.2, \u003c 0.3.4`.\n\n## Patches\n\nUpgrade to `bsv-sdk \u003e= 0.8.2` **and/or** `bsv-wallet \u003e= 0.3.4`. Both releases ship the same fix: a new module `BSV::Wallet::CertificateSignature` (`lib/bsv/wallet_interface/certificate_signature.rb`), which builds the BRC-52 canonical preimage (`type`, `serial_number`, `subject`, `certifier`, `revocation_outpoint`, lexicographically-sorted `fields`) and verifies the certifier\u0027s signature against it via `ProtoWallet#verify_signature` with protocol ID `[2, \u0027certificate signature\u0027]` and counterparty = the claimed certifier\u0027s public key. Both `acquire_via_direct` and `acquire_via_issuance` now call `CertificateSignature.verify!` before returning the certificate to `acquire_certificate`, so invalid certificates raise `BSV::Wallet::CertificateSignature::InvalidError` (a subclass of `InvalidSignatureError`) and are never written to storage.\n\nConsumers should upgrade whichever gem they depend on directly; they do not need both. `bsv-wallet 0.3.4` additionally tightens its dependency on `bsv-sdk` from the stale `~\u003e 0.4` to `\u003e= 0.8.2, \u003c 1.0`, which forces the known-good pairing and pulls in the sibling advisory fixes (F1.3, F5.13) tracked separately.\n\nThe issuance-path fix also partially closes finding **F8.16** from the same compliance review. F8.16\u0027s second aspect \u2014 switching the issuance transport from ad-hoc JSON POST to BRC-104 AuthFetch \u2014 is not addressed here and remains deferred to a future release.\n\nFixed in sgbett/bsv-ruby-sdk#306.\n\n## Workarounds\n\nIf upgrading is not immediately possible:\n\n- Do not expose `acquire_certificate` (either acquisition protocol) to untrusted callers.\n- Do not invoke `acquire_certificate` with `acquisition_protocol: \u0027issuance\u0027` against a certifier URL you do not fully trust, and require TLS for any such request.\n- Treat any record returned by `list_certificates` / `prove_certificate` as unverified and perform an out-of-band BRC-52 verification against the certifier\u0027s public key before acting on it.\n\n## Credit\n\nIdentified during the 2026-04-08 cross-SDK compliance review, tracked as findings F8.15 (direct path) and F8.16 (issuance path, partial).\n\n## References\n\n- HLR: sgbett/bsv-ruby-sdk#305\n- Fix PR: sgbett/bsv-ruby-sdk#306\n- Compliance review: [`.architecture/reviews/20260408-cross-sdk-compliance-review.md`](../../.architecture/reviews/20260408-cross-sdk-compliance-review.md)\n- BRC-52 specification: https://brc.dev/52\n- TypeScript reference: `Certificate.verify()` in `@bsv/sdk`",
  "id": "GHSA-hc36-c89j-5f4j",
  "modified": "2026-04-09T20:28:10Z",
  "published": "2026-04-09T20:28:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40070"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sgbett/bsv-ruby-sdk/issues/305"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sgbett/bsv-ruby-sdk/pull/306"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sgbett/bsv-ruby-sdk/commit/4992e8a265fd914a7eeb0405c69d1ff0122a84cc"
    },
    {
      "type": "WEB",
      "url": "https://brc.dev/52"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sgbett/bsv-ruby-sdk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-40070 (GCVE-0-2026-40070)

FKIE_CVE-2026-40070

GHSA-HC36-C89J-5F4J

Unverified certifier signatures persisted by acquire_certificate

Affected packages

Summary

Details

Direct path

Issuance path

Downstream impact

Impact

CVSS rationale

Proof of concept

Affected versions

Patches

Workarounds

Credit

References

Tags

Sightings

Nomenclature

Unverified certifier signatures persisted by `acquire_certificate`