Skip to main content

Ultradag

1 CVEs product

Monthly

CVE-2026-40583 HIGH NEWS This Week

State corruption in UltraDAG 0.1 allows remote unauthenticated attackers to bypass authorization controls and manipulate blockchain state integrity through malformed SmartOp::Vote transactions. The vulnerability enables attackers to trigger state mutations before authorization checks complete, causing high availability impact and low integrity impact to the blockchain. No active exploitation or public POC has been identified, but the CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation against default configurations. Upstream fixes are available via GitHub commits but no tagged release version has been confirmed.

Information Disclosure Ultradag
NVD GitHub
CVSS 4.0
8.8
EPSS
0.0%
EPSS 0% CVSS 8.8
HIGH This Week

State corruption in UltraDAG 0.1 allows remote unauthenticated attackers to bypass authorization controls and manipulate blockchain state integrity through malformed SmartOp::Vote transactions. The vulnerability enables attackers to trigger state mutations before authorization checks complete, causing high availability impact and low integrity impact to the blockchain. No active exploitation or public POC has been identified, but the CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation against default configurations. Upstream fixes are available via GitHub commits but no tagged release version has been confirmed.

Information Disclosure Ultradag
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy