Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

stellar — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting stellar. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Stellar is a blockchain-based decentralized protocol facilitating cross-border payments and asset tokenization. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. The protocol has faced notable security incidents, including a 2013 exploit that resulted in 2.25 million XLM theft, and a 2018 vulnerability allowing unauthorized token minting. Despite these issues, Stellar maintains a transparent vulnerability disclosure process and has implemented several security enhancements to address past weaknesses.

Top products by stellar: rs-soroban-sdk js-stellar-sdk freighter rs-stellar-strkey stellar-core rs-stellar-xdr rs-soroban-poseidon
CVE IDTitleCVSSSeverityPublished
CVE-2026-32322 soroban-sdk: `Fr` scalar field equality comparison bypasses modular reduction — rs-soroban-sdkCWE-697 5.3 Medium2026-03-12
CVE-2026-32129 Poseidon V1 variable-length input collision via implicit zero-padding — rs-soroban-poseidonCWE-328 7.5AIHighAI2026-03-12
CVE-2026-29795 stellar-xdr: `StringM::from_str` bypasses max length validation — rs-stellar-xdrCWE-770 4.0 Medium2026-03-06
CVE-2026-26267 rs-soroban-sdk #[contractimpl] macro calls inherent function instead of trait function when names collide — rs-soroban-sdkCWE-670 7.5 High2026-02-19
CVE-2026-24889 soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64 — rs-soroban-sdkCWE-190 5.3 Medium2026-01-28
CVE-2024-32985 Stellar-core's Overlay - security fix for DDoS mitigation — stellar-coreCWE-362 5.9 Medium2024-05-09
CVE-2023-46135 Panic in SignedPayload::from_payload — rs-stellar-strkeyCWE-248 5.3 Medium2023-10-25
CVE-2023-40580 Freighter mnemonic phrase may be accessed by Javascript through a private API — freighterCWE-200 8.1 High2023-08-25
CVE-2021-32738 Utils.readChallengeTx does not verify the server account signature — js-stellar-sdkCWE-287 6.5 Medium2021-07-02

This page lists every published CVE security advisory associated with stellar. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.