Fail-open authentication in hathor-wallet-headless

56% confidence

Description

A fail-open authentication defect in hathor-wallet-headless allows unauthenticated access to wallet endpoints when the API key is unset, enabling unauthorized actions such as spending and minting funds.

Affected Products

Vendor	Product	Versions
hathornetwork	hathor-wallet-headless	<= 0.38.0

Related News (1 articles)

Tier C

oss-security2h ago

CVE Request: Fail-open authentication in hathor-wallet-headless <= 0.38.0 (vendor declined to fix)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

CWECWE-1188, CWE-276, CWE-636

PublishedMay 11, 2026

Last enriched1h ago

Trending Score30

Source articles1

Independent1

Info Completeness7/14

Missing: cve_id, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Fail-open authentication in hathor-wallet-headless

Description

Affected Products

Related News (1 articles)

Community Vote

Pin to Dashboard

Verification

Vulnerability Timeline