Skip to main content

Core Rs Albatross

6 CVEs product

Monthly

CVE-2026-40094 MEDIUM PATCH This Month

Panic-triggered denial of service in Nimiq's core-rs-albatross (versions prior to 1.4.0) allows a network-level attacker to crash the node's RPC task by injecting a signed PeerContact with an empty addresses list into the libp2p peer discovery layer. The crash is deferred: the malicious contact is accepted and stored silently, but any subsequent call to get_address_book - from an RPC client or web client - triggers an unconditional Rust panic via .expect() on an empty iterator. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, though the low attack complexity and network-accessible vector make casual exploitation plausible against any exposed node operator workflow.

Denial Of Service Core Rs Albatross
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33471 Cargo CRITICAL PATCH GHSA Act Now

Integer truncation in Nimiq core-rs-albatross's skip block proof verification allows authenticated validators to forge consensus quorum with insufficient signatures. Prior to v1.3.0, attackers exploit usize-to-u16 casting during BitSet iteration by inserting indices spaced at 65536 intervals - these inflate the quorum count via len() but collapse onto identical u16 slots during BLS signature aggregation, enabling a single malicious validator to masquerade as 2f+1 signers and pass verification. CVSS 9.6 (Critical) reflects network vector with low complexity and changed scope impacting integrity and availability of the Proof-of-Stake consensus. No EPSS or KEV data available; vendor-released patch confirmed in v1.3.0 via GitHub advisory and commit d020590.

Information Disclosure Core Rs Albatross
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-32605 HIGH PATCH This Week

Nimiq core-rs-albatross validators prior to version 1.3.0 can be remotely crashed via malformed Tendermint proposals. An unauthenticated network attacker exploits an off-by-one bounds check error (using > instead of >=) to trigger an out-of-bounds index panic before signature verification occurs. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) and EPSS 0.04%, this represents a straightforward denial-of-service vector against Proof-of-Stake validators in the Nimiq blockchain network, though no public exploit

Buffer Overflow Information Disclosure Core Rs Albatross
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-40093 Cargo HIGH GHSA This Week

Timestamp manipulation in Nimiq Core Rust implementation (nimiq-blockchain 1.3.0 and earlier) allows authenticated block-producing validators to set arbitrarily future block timestamps, bypassing validation constraints and directly inflating the blockchain's monetary supply beyond the intended emission schedule through compromised Policy::supply_at() and batch_delay() reward calculations. The vulnerability exploits absent upper-bound wall-clock validation in non-skip and skip block timestamp verification logic, enabling integrity compromise of the blockchain's economic model. No public exploit identified at time of analysis.

Information Disclosure Core Rs Albatross
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-35468 MEDIUM This Month

Denial of service in Nimiq Core RS Albatross prior to version 1.3.0 allows remote attackers to crash full nodes by sending specially crafted consensus requests (RequestTransactionsProof or RequestTransactionReceiptsByAddress) when the node is operating without a history index. The vulnerability stems from unsafe unwrap() calls that panic when encountering a valid but unindexed state, affecting nodes during synchronization or when intentionally configured without history indexing.

Information Disclosure Core Rs Albatross
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33184 HIGH This Week

Integer underflow in Nimiq core-rs-albatross <1.3.0 enables unauthenticated remote attackers to trigger deterministic denial-of-service via crafted peer handshake. Attackers send limit=0 during discovery handshake, causing arithmetic underflow (0-1 wraps to usize::MAX) when session transitions to Established state, resulting in capacity overflow panic when allocating peer contact vector. Upstream fix available (PR/commit); released patched version 1.3.0 confirmed. No public exploit identified at time of analysis, but EPSS indicates low exploitation probability and attack is trivially reproducible given simple network message crafting.

Buffer Overflow Integer Overflow Core Rs Albatross
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Panic-triggered denial of service in Nimiq's core-rs-albatross (versions prior to 1.4.0) allows a network-level attacker to crash the node's RPC task by injecting a signed PeerContact with an empty addresses list into the libp2p peer discovery layer. The crash is deferred: the malicious contact is accepted and stored silently, but any subsequent call to get_address_book - from an RPC client or web client - triggers an unconditional Rust panic via .expect() on an empty iterator. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, though the low attack complexity and network-accessible vector make casual exploitation plausible against any exposed node operator workflow.

Denial Of Service Core Rs Albatross
NVD GitHub VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Integer truncation in Nimiq core-rs-albatross's skip block proof verification allows authenticated validators to forge consensus quorum with insufficient signatures. Prior to v1.3.0, attackers exploit usize-to-u16 casting during BitSet iteration by inserting indices spaced at 65536 intervals - these inflate the quorum count via len() but collapse onto identical u16 slots during BLS signature aggregation, enabling a single malicious validator to masquerade as 2f+1 signers and pass verification. CVSS 9.6 (Critical) reflects network vector with low complexity and changed scope impacting integrity and availability of the Proof-of-Stake consensus. No EPSS or KEV data available; vendor-released patch confirmed in v1.3.0 via GitHub advisory and commit d020590.

Information Disclosure Core Rs Albatross
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Nimiq core-rs-albatross validators prior to version 1.3.0 can be remotely crashed via malformed Tendermint proposals. An unauthenticated network attacker exploits an off-by-one bounds check error (using > instead of >=) to trigger an out-of-bounds index panic before signature verification occurs. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) and EPSS 0.04%, this represents a straightforward denial-of-service vector against Proof-of-Stake validators in the Nimiq blockchain network, though no public exploit

Buffer Overflow Information Disclosure Core Rs Albatross
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Timestamp manipulation in Nimiq Core Rust implementation (nimiq-blockchain 1.3.0 and earlier) allows authenticated block-producing validators to set arbitrarily future block timestamps, bypassing validation constraints and directly inflating the blockchain's monetary supply beyond the intended emission schedule through compromised Policy::supply_at() and batch_delay() reward calculations. The vulnerability exploits absent upper-bound wall-clock validation in non-skip and skip block timestamp verification logic, enabling integrity compromise of the blockchain's economic model. No public exploit identified at time of analysis.

Information Disclosure Core Rs Albatross
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Denial of service in Nimiq Core RS Albatross prior to version 1.3.0 allows remote attackers to crash full nodes by sending specially crafted consensus requests (RequestTransactionsProof or RequestTransactionReceiptsByAddress) when the node is operating without a history index. The vulnerability stems from unsafe unwrap() calls that panic when encountering a valid but unindexed state, affecting nodes during synchronization or when intentionally configured without history indexing.

Information Disclosure Core Rs Albatross
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Integer underflow in Nimiq core-rs-albatross <1.3.0 enables unauthenticated remote attackers to trigger deterministic denial-of-service via crafted peer handshake. Attackers send limit=0 during discovery handshake, causing arithmetic underflow (0-1 wraps to usize::MAX) when session transitions to Established state, resulting in capacity overflow panic when allocating peer contact vector. Upstream fix available (PR/commit); released patched version 1.3.0 confirmed. No public exploit identified at time of analysis, but EPSS indicates low exploitation probability and attack is trivially reproducible given simple network message crafting.

Buffer Overflow Integer Overflow Core Rs Albatross
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy