Browse all 9 CVE security advisories affecting stellar. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Stellar is a blockchain-based decentralized protocol facilitating cross-border payments and asset tokenization. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. The protocol has faced notable security incidents, including a 2013 exploit that resulted in 2.25 million XLM theft, and a 2018 vulnerability allowing unauthorized token minting. Despite these issues, Stellar maintains a transparent vulnerability disclosure process and has implemented several security enhancements to address past weaknesses.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32322 | soroban-sdk: `Fr` scalar field equality comparison bypasses modular reduction — rs-soroban-sdkCWE-697 | 5.3 | Medium | 2026-03-12 |
| CVE-2026-26267 | rs-soroban-sdk #[contractimpl] macro calls inherent function instead of trait function when names collide — rs-soroban-sdkCWE-670 | 7.5 | High | 2026-02-19 |
| CVE-2026-24889 | soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64 — rs-soroban-sdkCWE-190 | 5.3 | Medium | 2026-01-28 |
This page lists every published CVE security advisory associated with stellar. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.