Skip to main content

Canonical CVE-2026-34061

MEDIUM
Insufficient Verification of Data Authenticity (CWE-345)
2026-04-03 GitHub_M
4.9
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Apr 03, 2026 - 23:15 vuln.today
CVE Published
Apr 03, 2026 - 22:07 nvd
MEDIUM 4.9

DescriptionGitHub Advisory

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest validators accept that proposal in verify_macro_block_proposal() because the proposal path validates header shape, successor relation, proposer, body root, and state, but never checks the interlink binding for election blocks. The same finalized block is later rejected by verify_block() during push with InvalidInterlink. Because validators prevote and precommit the malformed header hash itself, the failure happens after Tendermint decides the block, not before voting. This issue has been patched in version 1.3.0.

AnalysisAI

Elected validator proposers in nimiq/core-rs-albatross before version 1.3.0 can submit election macro blocks with malformed interlink headers that bypass proposal validation but are rejected during block finalization, causing denial of service by halting consensus after Tendermint voting completes. The vulnerability requires high privileges (validator proposer role) and results in network availability impact but no data compromise, affecting the Nimiq Proof-of-Stake network's consensus reliability.

Technical ContextAI

The Nimiq core-rs-albatross is a Rust implementation of the Albatross consensus algorithm, which operates within the Tendermint Byzantine Fault Tolerant (BFT) consensus framework. The vulnerability exists in the election macro block validation logic: the verify_macro_block_proposal() function validates the block header's structural integrity, successor relationships, proposer authorization, body root, and state transitions, but critically omits validation of the header.interlink field binding for election blocks. The interlink serves as a historical chain of block references used for Proof-of-Work-style skip-list validation and consensus finality. When a malformed interlink passes proposal validation, validators sign and prevote/precommit the block hash in Tendermint. Only after consensus decides the block does verify_block() during push reject it with InvalidInterlink, creating a window where consensus has committed to a block that cannot be applied. This represents a logic error (CWE-345: Insufficient Verification of Data Authenticity) in cryptographic validation sequencing.

RemediationAI

Vendor-released patch: upgrade nimiq/core-rs-albatross to version 1.3.0 or later. The fix is implemented in commit 9d7d17c9163384e79f61cdbbfe9853ae57bb8bf7 (accessible via pull request https://github.com/nimiq/core-rs-albatross/pull/3668) and is officially released at https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0. Validators and node operators should prioritize upgrading to 1.3.0 immediately to restore interlink validation in proposal verification. No workarounds are documented; the patch is required to restore correct consensus behavior. Consult the GitHub security advisory at https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-gr83-j5f8-p2r5 for operational guidance during upgrade.

CVE-2012-0217 HIGH POC
7.2 Jun 12

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and

CVE-2026-33309 CRITICAL POC
9.9 Mar 19

An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrar

CVE-2019-7304 CRITICAL POC
9.8 Apr 23

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitra

CVE-2026-33186 CRITICAL POC
9.1 Mar 18

An authorization bypass vulnerability in gRPC-Go allows attackers to circumvent path-based access control by sending HTT

CVE-2026-50180 HIGH POC
8.7 Jul 02

Arbitrary file read in Langroid's SQLChatAgent (<= 0.63.0) lets an attacker who can influence the LLM-generated SQL exfi

CVE-2020-14966 HIGH POC
7.5 Jun 22

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulner

CVE-2020-13822 HIGH POC
7.7 Jun 04

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' byte

CVE-2026-29181 HIGH POC
7.5 Apr 07

Resource exhaustion in OpenTelemetry Go propagation library (v1.41.0 and earlier) enables remote attackers to trigger se

CVE-2019-7303 HIGH POC
7.5 Apr 23

A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert char

CVE-2014-4699 MEDIUM POC
6.9 Jul 09

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved

CVE-2017-7725 MEDIUM POC
6.1 Apr 13

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "ca

CVE-2026-48816 MEDIUM POC
6.5 Jul 01

Timestamp forgery in sigstore-js allows an attacker supplying a crafted bundle v0.2 to manipulate certificate validity w

Share

CVE-2026-34061 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy