
Given the UUIDv4 08ab4280-0043-4630-b4c7-a5393083546c which hashes to 27fd3a1ea8a58bd06cced89927fadffbb2f4815203723e5cd4ab18acbe37b659.

How feasible is it to crack a SHA256 of an unsalted UUIDv4? The lack of salt shouldn't be relevant given that we're already dealing with a random string.

Assuming the attacker knows that the secret is a UUIDv4 and that it's using lowercase alphabetical characters.

Juicy

2 Answers

Assuming the UUIDv4 is generated with a CSPRNG (this is not guaranteed), it will have 122 bits of entropy. This is only 64 times easier than brute-forcing a 128 bit key, so it's still plenty far into the realm of impossible in our lifetime, even for a nation state (barring quantum computers fast enough to perform on the order of 2^61 hash operations with Grover's algorithm).

AndrolGenhald

There are 2^122 possible v4 (variant 1) UUIDs (from Wikipedia). It doesn't really matter what representation of them you use - there are still the same number of values, and you can presumably assume that the attacker knows the format being hashed and can transform or add dashes as required.

Given that 12 completely random characters used as a password are infeasible to crack, and that is merely 96^12 (assuming 96 potential characters, based on a standard keyboard), you get a good indication of why the UUID is unlikely to be guessed.

The 12 random character password has 612709757329767000000000 (ish) potential values. The UUID has 5316911983139660000000000000000000000 (ish) potential values (all values from Excel, which is not designed for such large values!). For reference, the 66 in the UUID count corresponds to the 61 in the password count.

Patrick Mevzek
Matthew
    Because OP is hashing the UUID with SHA-256, there are technically fewer than 2^122 possible resulting hashes. Not that it matters from a realistic security standpoint, though... – forest Apr 17 '19 at 03:38
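The keyspace arithmetic in both answers, redone with exact integers instead of Excel's lossy floats. This is an added example, not code from either answer: it derives the 122 random bits from the v4 layout, checks the question's UUID really is a version-4/RFC 4122 UUID, and estimates exhaustive-search time at an assumed hash rate (the 10^12 hashes/second figure is an assumption, not from the page).

```python
import hashlib
import math
import uuid

# Sample input taken from the question (the UUID it asks about).
QUESTION_UUID = "08ab4280-0043-4630-b4c7-a5393083546c"

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def uuidv4_entropy_bits() -> int:
    """Random bits in a v4 UUID: 128 total minus the fixed 4-bit version
    field (0100) and the fixed 2-bit variant prefix (10) = 122."""
    return 128 - 4 - 2


def is_well_formed_v4(s: str) -> bool:
    """True if s parses as a UUID with version 4 and the RFC 4122 variant."""
    try:
        u = uuid.UUID(s)
    except ValueError:
        return False
    return u.version == 4 and u.variant == uuid.RFC_4122


def keyspace_uuidv4() -> int:
    return 1 << uuidv4_entropy_bits()


def keyspace_password(alphabet_size: int = 96, length: int = 12) -> int:
    """Number of passwords of the given length over the given alphabet."""
    return alphabet_size ** length


def expected_years(keyspace: int, hashes_per_second: float, grover: bool = False) -> float:
    """Expected time to find a preimage by exhaustive search: half the
    keyspace on average classically, or sqrt(keyspace) work under Grover."""
    work = math.isqrt(keyspace) if grover else keyspace // 2
    return work / hashes_per_second / SECONDS_PER_YEAR


def sha256_of_uuid(s: str) -> str:
    """SHA-256 of the canonical lowercase, hyphenated form, which is the
    representation the question shows (compare against the question's digest)."""
    return hashlib.sha256(str(uuid.UUID(s)).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print("UUIDv4 keyspace:", keyspace_uuidv4())
    print("96^12 keyspace: ", keyspace_password())
    print("years at 1e12 H/s:", f"{expected_years(keyspace_uuidv4(), 1e12):.3e}")
    print("SHA-256 of question UUID:", sha256_of_uuid(QUESTION_UUID))
```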