What is the CVSS score of CVE-2026-34061?

CVE-2026-34061 has a CVSS 3.1 base score of 4.9 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Canonical CVE-2026-34061

MEDIUM

Insufficient Verification of Data Authenticity (CWE-345)

2026-04-03 GitHub_M

Information Disclosure Canonical

4.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 03, 2026 - 23:15 vuln.today

CVE Published

Apr 03, 2026 - 22:07 nvd

MEDIUM 4.9

DescriptionNVD

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest validators accept that proposal in verify_macro_block_proposal() because the proposal path validates header shape, successor relation, proposer, body root, and state, but never checks the interlink binding for election blocks. The same finalized block is later rejected by verify_block() during push with InvalidInterlink. Because validators prevote and precommit the malformed header hash itself, the failure happens after Tendermint decides the block, not before voting. This issue has been patched in version 1.3.0.

AnalysisAI

Elected validator proposers in nimiq/core-rs-albatross before version 1.3.0 can submit election macro blocks with malformed interlink headers that bypass proposal validation but are rejected during block finalization, causing denial of service by halting consensus after Tendermint voting completes. The vulnerability requires high privileges (validator proposer role) and results in network availability impact but no data compromise, affecting the Nimiq Proof-of-Stake network's consensus reliability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-49238 HIGH This Week

8.4 May 28

Virtual machine escape in Canonical Multipass before 1.16.3 allows a root user inside a guest VM to read arbitrary files

CVE-2026-49237 HIGH This Week

7.8 May 28

Local privilege escalation in Canonical Multipass for macOS before 1.16.3 allows a low-privileged local user to obtain r

CVE-2026-42790 HIGH This Week

7.6 May 27

TLS server impersonation in Erlang/OTP's public_key library lets a name-constrained subordinate CA forge a trusted ident

CVE-2026-42462 HIGH This Week

7.0 May 26

Here is the multi-source synthesis for CVE-2026-42462: ```json { "product_name": "Fedify", "summary": "Linked Data

CVE-2026-47674 MEDIUM This Month

5.3 May 28

IP restriction bypass in Hono's ip-restriction middleware (hono/ip-restriction) prior to version 4.12.21 allows unauthen

CVE-2026-34061 vulnerability details – vuln.today

Back

Canonical CVE-2026-34061

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code