GHSA-429Q-FHH4-R6HJ: Account Substitution via Discriminator Bypass in Anchor InterfaceAccount

DEV Community·CVE Reports·19 days ago
Vulnerability ID: GHSA-429Q-FHH4-R6HJ
CVSS Score: 9.1
Published: 2026-05-13

A critical vulnerability in the Anchor framework's anchor-lang crate allows account substitution attacks. The InterfaceAccount type fails to validate the 8-byte account discriminator during deserialization, permitting an attacker to supply a mismatched account type and subvert program logic.

TL;DR

Anchor versions prior to 1.0.0 skip structural discriminator checks for the InterfaceAccount type, allowing attackers to supply improperly typed accounts that bypass framework-level validation.…
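A stand-alone Rust model of the missing check, added here as an illustration and not taken from anchor-lang or the advisory: the discriminator values, account layout and function names are constructed assumptions. It loads the same wrongly typed account through an owner-only path and through a path that compares the first 8 bytes before reading any field.

```rust
// Added example: a stand-alone model of the check, not anchor-lang source.
// Discriminator values and account layouts are constructed for illustration.
const DISC_LEN: usize = 8;
const VAULT_DISC: [u8; DISC_LEN] = [0x11; DISC_LEN]; // constructed
const RECEIPT_DISC: [u8; DISC_LEN] = [0x22; DISC_LEN]; // constructed, a different type

#[derive(Debug, PartialEq)]
pub enum LoadError { WrongOwner, TooShort, DiscriminatorMismatch }

#[derive(Debug, PartialEq)]
pub struct Vault { pub authority: [u8; 32], pub balance: u64 }

pub struct RawAccount { pub owner: [u8; 32], pub data: Vec<u8> }

// Body layout (after the discriminator): 32-byte authority, u64 LE balance.
fn parse_vault(body: &[u8]) -> Result<Vault, LoadError> {
    if body.len() < 40 { return Err(LoadError::TooShort); }
    let (mut authority, mut bal) = ([0u8; 32], [0u8; 8]);
    authority.copy_from_slice(&body[..32]);
    bal.copy_from_slice(&body[32..40]);
    Ok(Vault { authority, balance: u64::from_le_bytes(bal) })
}

/// Owner check only; the first 8 bytes are skipped without being compared.
pub fn load_owner_only(acc: &RawAccount, owners: &[[u8; 32]]) -> Result<Vault, LoadError> {
    if !owners.contains(&acc.owner) { return Err(LoadError::WrongOwner); }
    parse_vault(acc.data.get(DISC_LEN..).ok_or(LoadError::TooShort)?)
}

/// Owner check plus discriminator comparison before any field is read.
pub fn load_checked(acc: &RawAccount, owners: &[[u8; 32]]) -> Result<Vault, LoadError> {
    if !owners.contains(&acc.owner) { return Err(LoadError::WrongOwner); }
    let disc = acc.data.get(..DISC_LEN).ok_or(LoadError::TooShort)?;
    if disc != &VAULT_DISC[..] { return Err(LoadError::DiscriminatorMismatch); }
    parse_vault(&acc.data[DISC_LEN..])
}

/// Constructed sample: account data with the given discriminator and body fields.
pub fn sample(disc: [u8; DISC_LEN], owner: [u8; 32], auth: u8, balance: u64) -> RawAccount {
    let mut data = disc.to_vec();
    data.extend_from_slice(&[auth; 32]);
    data.extend_from_slice(&balance.to_le_bytes());
    RawAccount { owner, data }
}

fn main() {
    let program = [7u8; 32]; // constructed program id
    let wrong_type = sample(RECEIPT_DISC, program, 0xAA, 1_000);
    println!("owner-only: {:?}", load_owner_only(&wrong_type, &[program]));
    println!("checked:    {:?}", load_checked(&wrong_type, &[program]));
}
```

The owner-only path returns a `Vault` built from bytes that belong to another account type, while the checked path stops at `DiscriminatorMismatch`.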
