CVE-2026-28402

Severity: High · CVSS 3.1: 7.1 · EPSS: 10.5%
Published Feb 27, 2026 · Last Modified May 4, 2026

Description

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where `header.body_root` does not match the actual macro body hash. The proposal can pass proposal verification because the macro proposal verification path validates the header but does not validate the binding `body_root == hash(body)`; later code expects this binding and may panic on mismatch, crashing validators. Note that the impact is only for validator nodes. The patch for this vulnerability is formally released as part of v1.2.2. The patch adds the corresponding body root verification in the proposal checks. No known workarounds are available.
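The missing binding check described above, shown as an added example that is not code from nimiq/core-rs-albatross. All types, function names and the header rule are hypothetical, and `DefaultHasher` stands in for the protocol's cryptographic hash so the block builds without external crates.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};
// Hypothetical, simplified stand-ins for a macro block proposal (not the project's types).
#[derive(Hash)]
struct MacroBody { validators: Vec<String> }
struct MacroHeader { block_number: u32, body_root: u64 }
struct Proposal { header: MacroHeader, body: MacroBody }
#[derive(Debug, PartialEq)]
enum ProposalError { InvalidHeader, BodyRootMismatch }

// Stand-in digest so the example needs no crates; a real chain uses a cryptographic hash.
fn body_hash(body: &MacroBody) -> u64 {
    let mut h = DefaultHasher::new();
    body.hash(&mut h);
    h.finish()
}

// Header-only checks (constructed rule: block number must be non-zero).
fn verify_header(h: &MacroHeader) -> Result<(), ProposalError> {
    if h.block_number == 0 { Err(ProposalError::InvalidHeader) } else { Ok(()) }
}

// Shape of the flaw: the header is validated, the body is never bound to it.
fn verify_proposal_header_only(p: &Proposal) -> Result<(), ProposalError> { verify_header(&p.header) }

// Shape of the fix: reject the proposal when body_root != hash(body).
fn verify_proposal(p: &Proposal) -> Result<(), ProposalError> {
    verify_header(&p.header)?;
    if p.header.body_root != body_hash(&p.body) { Err(ProposalError::BodyRootMismatch) } else { Ok(()) }
}

// Later stage that assumes the binding holds and panics when it does not.
fn apply_block(p: &Proposal) -> u64 {
    assert_eq!(p.header.body_root, body_hash(&p.body), "body root mismatch");
    p.header.body_root
}
// Constructed sample; `tamper` flips one bit of the root placed in the header.
fn sample(tamper: bool) -> Proposal {
    let body = MacroBody { validators: vec!["v1".into(), "v2".into()] };
    let root = body_hash(&body) ^ (tamper as u64);
    Proposal { header: MacroHeader { block_number: 32, body_root: root }, body }
}

fn main() {
    let bad = sample(true);
    println!("header-only: {:?}, bound: {:?}", verify_proposal_header_only(&bad), verify_proposal(&bad));
    println!("later stage panics: {}", std::panic::catch_unwind(|| apply_block(&bad)).is_err());
}
```

Returning an error from the verification step keeps the mismatch on the rejection path, so the later stage's assumption is never reached with unvalidated input.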

CVSS Details

Base Score: 7.1
Exploitability: 2.8
Impact: 4.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: High

Threat Intelligence

EPSS Exploit Probability: 10.5% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-354

Affected Products 1

Vendor   Product                 Version   Range
nimiq    nimiq_proof-of-stake    *         <1.2.2

References 4

  • https://github.com/nimiq/core-rs-albatross/commit/6454c26d966858c5520f55739a30b94c17656c85
    Patch
  • https://github.com/nimiq/core-rs-albatross/pull/3623
    Patch
  • https://github.com/nimiq/core-rs-albatross/releases/tag/v1.2.2
    Release Notes
  • https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-7wh6-rmxx-ww47
    Third Party Advisory

Remediation

  • https://github.com/nimiq/core-rs-albatross/commit/6454c26d966858c5520f55739a30b94c17656c85
    Patch
  • https://github.com/nimiq/core-rs-albatross/pull/3623
    Patch