Description
Bitcoin Core through 29.0 allows a denial of service via a crafted transaction.
Published: 2026-03-20
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Assess Impact
AI Analysis

Impact

Bitcoin Core versions through 29.0 are vulnerable to a denial of service condition caused by a specially crafted transaction. The flaw allows an attacker to create a transaction that, when processed by the node, can consume excessive resources or trigger internal errors, resulting in the node becoming unresponsive or unable to process further work. The weakness is classified as CWE-405, indicating a failure to validate input or guard against erroneous conditions, which in this case leads to lost availability of the affected service.

Affected Systems

The vulnerability affects Bitcoin Core software on all platforms that run the affected builds. All releases up to and including version 29.0 are susceptible; newer releases are not listed as affected in the advisories. Users running these versions under any operating system are at risk.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1% suggests that exploitation is considered unlikely under current threat conditions. The vulnerability is not in the CISA Known Exploited Vulnerabilities catalog. Attackers would need to construct a specific transaction and broadcast it to a target node, which may require some level of network access to the node or a broader network presence. The impact is limited to the faulty node, but repeated activations could degrade network performance if many nodes are affected.

Generated by OpenCVE AI on April 2, 2026 at 13:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the newest Bitcoin Core release that includes the fix (currently available in the latest stable release).
  • If an immediate upgrade is unavailable, monitor the node for abnormal transaction patterns and schedule an outage for patch deployment.
  • Check the Bitcoin Core release notes and community forums for additional guidance or interim mitigations.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted Transaction in Bitcoin Core

Thu, 02 Apr 2026 12:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*

Wed, 25 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted Transaction in Bitcoin Core

Mon, 23 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-405
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Bitcoin
Bitcoin bitcoin Core
Vendors & Products Bitcoin
Bitcoin bitcoin Core

Fri, 20 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Description Bitcoin Core through 29.0 allows a denial of service via a crafted transaction.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-23T13:47:22.888Z

Reserved: 2025-04-25T00:00:00.000Z

Link: CVE-2025-46598

Vulnrichment

Updated: 2026-03-23T13:45:25.972Z

NVD

Status: Analyzed

Published: 2026-03-20T15:16:15.147

Modified: 2026-04-02T12:18:14.317

Link: CVE-2025-46598

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:23:21Z

Weaknesses