Core Rs Albatross
CVE-2026-35468
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
2DescriptionGitHub Advisory
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. That assumption is false by construction. HistoryStoreProxy::history_index() explicitly returns None for the valid HistoryStoreProxy::WithoutIndex state. when a full node is syncing or otherwise running without the history index, a remote peer can send RequestTransactionsProof or RequestTransactionReceiptsByAddress and trigger an Option::unwrap() panic on the request path. This issue has been patched in version 1.3.0.
AnalysisAI
Denial of service in Nimiq Core RS Albatross prior to version 1.3.0 allows remote attackers to crash full nodes by sending specially crafted consensus requests (RequestTransactionsProof or RequestTransactionReceiptsByAddress) when the node is operating without a history index. The vulnerability stems from unsafe unwrap() calls that panic when encountering a valid but unindexed state, affecting nodes during synchronization or when intentionally configured without history indexing.
Technical ContextAI
Nimiq Core RS Albatross is a Rust implementation of the Nimiq Proof-of-Stake blockchain protocol using the Albatross consensus algorithm. The vulnerability exists in two peer-facing consensus request handlers that invoke blockchain.history_store.history_index().unwrap() without first validating whether the history index is available. The HistoryStoreProxy enum explicitly defines a WithoutIndex state that returns None from history_index(), a valid operational configuration for nodes syncing or running with reduced resources. The root cause is CWE-252 (Unchecked Return Value), where the code assumes a successful return without handling the None variant. This panic-based denial of service occurs at the network protocol layer when remote peers interact with the node's request handling mechanism.
RemediationAI
Upgrade Nimiq Core RS Albatross to version 1.3.0 or later. The vendor-released patch version 1.3.0 resolves the unsafe unwrap() calls by properly handling the None case when the history index is unavailable. Node operators should prioritize this upgrade, particularly those running nodes in sync mode or with intentionally disabled history indexing. The fix is available via the official Nimiq GitHub repository at https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0 and the upstream commit at https://github.com/nimiq/core-rs-albatross/commit/0e5c90a6c75b722f3d6091769776a4040e694dba.
More in Core Rs Albatross
View allInteger truncation in Nimiq core-rs-albatross's skip block proof verification allows authenticated validators to forge c
Timestamp manipulation in Nimiq Core Rust implementation (nimiq-blockchain 1.3.0 and earlier) allows authenticated block
Nimiq core-rs-albatross validators prior to version 1.3.0 can be remotely crashed via malformed Tendermint proposals. An
Integer underflow in Nimiq core-rs-albatross <1.3.0 enables unauthenticated remote attackers to trigger deterministic de
Panic-triggered denial of service in Nimiq's core-rs-albatross (versions prior to 1.4.0) allows a network-level attacker
Same weakness CWE-252 – Unchecked Return Value
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today