CVE-2026-22674

Name: CVE-2026-22674 — Vulnerability Record
Brand: Quanteta Data Lab
SKU: CVE-2026-22674

MEDIUM

CVSS v3.1: 4.8 · EPSS: 0.0018 (7.4 percentile)

NetworkXSSVendor advisory ref

Source data as of: 2026-06-24 05:00:54 UTC

At a glance

Severity: MEDIUM
CVSS: 4.8 v3.1 · NVD
EPSS: 0.0018 (7.4 percentile) · FIRST.org
CISA KEV: No
Type: XSS · NVD CWE
Attack conditions (CVSS vector): Network · Source: NVD Vector
Published: 2026-06-18 · Modified: 2026-06-23
References: Jump to references (3)

CVSS / EPSS / KEV

CVSS v3.1 4.8 / 10 MEDIUM Source: NVD

CVSS v4.0 4.8 / 10 MEDIUM Source: NVD

EPSS 0.0018 7.4 percentile Source: FIRST.org

CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

Hashgraph Guardian through 3.6.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARD_REGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attackers can exploit the unsanitized innerHTML assignment in the branding service to execute arbitrary JavaScript in the browser of every authenticated user on every page load.

Record details

CVE ID: CVE-2026-22674
CVSS (v3.1): 4.8 (MEDIUM)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability subscore: 1.7
Impact subscore: 2.7
EPSS: 0.0018 (7.4 percentile) — 2026-06-24
CISA KEV: No
Weakness (CWE): CWE-79
Affected configurations (CPE): 0
Published: 2026-06-18
Modified: 2026-06-23
Status: Deferred

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

← Back to all records

CVE-2026-22674

At a glance

CVSS / EPSS / KEV

Description

Record details

References

Related records

Same weakness type (CWE)

Published the same year