QwikSec

Security Database

CVE

CWE

Training

CVE-2026-28410

Published: Mar 5, 2026

Modified: Mar 6, 2026

PUBLISHED

Description

The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in version 3.0.0.

Vendor	Product	Versions
graphprotocol	contracts	affected `< 3.0.0`

Weaknesses (CWE)

References

https://github.com/graphprotocol/contracts/security/advisories/GHSA-qx35-rc5x-x39r

x_refsource_CONFIRM

https://github.com/graphprotocol/contracts/commit/91224ed83eeff3fc3afea01f5ed269373d9bf773

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.