Description
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14.
Published: 2026-05-05
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Bitcoin Core contains an undisclosed authorization control vulnerability first appearing in release 0.14 and persisting through the 28.x series. The flaw is classified as CWE‑284, indicating a lack of proper authorization checks; as a result, an attacker could potentially perform actions or modify configuration that should be restricted, thereby jeopardizing confidentiality, integrity, or availability of a node. The vendor has not released further details, so the exact capabilities remain unknown.

Affected Systems

All Bitcoin Core nodes from version 0.14 up to the current 28.x series are affected. This includes operators of full nodes, light clients that rely on the core back‑end, and any service built on top of Bitcoin Core without a patch. Users on these versions should treat their installations as vulnerable until an official fix is released.

Risk and Exploitability

The CVSS score of 7.5 indicates a high‑impact vulnerability; the EPSS score suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalogue. The CVE description does not disclose the precise exploitation mechanism, so any potential attack path remains uncertain.

Generated by OpenCVE AI on May 6, 2026 at 23:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest patched Bitcoin Core release once the vendor publishes an update.
  • If a patch is not yet available, limit inbound network connections or apply a firewall rule that restricts access to the node’s listening port to trusted peers.
  • Continuously monitor node logs and network traffic for anomalous patterns that could indicate exploitation attempts.

Advisories

No advisories yet.

History

Wed, 06 May 2026 23:45:00 +0000

Type Values Removed Values Added
Title Undisclosed Authorization Control Vulnerability in Bitcoin Core

Wed, 06 May 2026 18:15:00 +0000

Type Values Removed Values Added
Title Undisclosed Security Issue in Bitcoin Core Affecting Versions 0.14 and Up
Weaknesses CWE-200

Wed, 06 May 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 05 May 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Bitcoincore
Bitcoincore bitcoin Core
Vendors & Products Bitcoincore
Bitcoincore bitcoin Core

Tue, 05 May 2026 21:45:00 +0000

Type Values Removed Values Added
Title Undisclosed Security Issue in Bitcoin Core Affecting Versions 0.14 and Up
Weaknesses CWE-200

Tue, 05 May 2026 20:00:00 +0000

Type Values Removed Values Added
Description Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-06T15:26:02.010Z

Reserved: 2024-11-18T00:00:00.000Z

Link: CVE-2024-52911

Vulnrichment

Updated: 2026-05-06T13:01:15.658Z

NVD

Status: Awaiting Analysis

Published: 2026-05-05T20:16:34.923

Modified: 2026-05-07T15:53:49.717

Link: CVE-2024-52911

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T23:30:16Z

Weaknesses