Description
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where `header.body_root` does not match the actual macro body hash. The proposal can pass proposal verification because the macro proposal verification path validates the header but does not validate the binding `body_root == hash(body)`; later code expects this binding and may panic on mismatch, crashing validators. Note that the impact is only for validator nodes. The patch for this vulnerability is formally released as part of v1.2.2. The patch adds the corresponding body root verification in the proposal checks. No known workarounds are available.
Published: 2026-02-27
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Validator Node Crash (denial of service) via malformed macro block proposal
Action: Upgrade
AI Analysis

Impact

The flaw stems from missing validation that a macro block header's `body_root` matches the hash of the macro body actually shipped with the proposal. Prior to v1.2.2, a malicious or compromised validator elected as proposer could publish a proposal whose `body_root` does not match its body. The proposal passes the proposal checks because only the header is validated, but downstream code relies on the binding and may panic on the mismatch, crashing the validators that process the proposal. This is a denial of service for each affected node; the network keeps running, but with a reduced set of healthy validators.
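The following added example, which is not code from the Nimiq project, models the flaw in a deliberately simplified form: a hypothetical `MacroProposal` with a header-only verification path (the pre-1.2.2 behaviour the advisory describes), a hardened path that adds the `body_root == hash(body)` check, and a downstream consumer that assumes the binding and panics when it does not hold. The struct fields, the `process` driver and the use of `DefaultHasher` in place of Nimiq's cryptographic body hash are all assumptions made for illustration.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};
use std::panic;

/// Stand-in for a 32-byte body hash. Nimiq uses a cryptographic hash for
/// `body_root`; a deterministic SipHash is enough here because the point is
/// the binding check, not the hash function. (Assumption, not Nimiq's type.)
type BodyRoot = u64;

/// Hypothetical, simplified macro body (assumed fields).
#[derive(Clone, Hash, Debug)]
struct MacroBody {
    validators: Vec<String>,
    transactions: Vec<String>,
}

impl MacroBody {
    fn root(&self) -> BodyRoot {
        let mut h = DefaultHasher::new(); // fixed keys, deterministic across runs
        self.hash(&mut h);
        h.finish()
    }
}

#[derive(Clone, Debug)]
struct MacroHeader {
    block_number: u32,
    body_root: BodyRoot,
}

#[derive(Clone, Debug)]
struct MacroProposal {
    header: MacroHeader,
    body: MacroBody,
}

#[derive(Debug, PartialEq)]
enum ProposalError {
    WrongBlockNumber,
    BodyRootMismatch,
}

/// Header-only validation, modelling the pre-1.2.2 proposal check the
/// advisory describes: the header is checked, the header/body binding is not.
fn verify_proposal_unbound(p: &MacroProposal, expected_block: u32) -> Result<(), ProposalError> {
    if p.header.block_number != expected_block {
        return Err(ProposalError::WrongBlockNumber);
    }
    Ok(())
}

/// Hardened check: the same header validation plus `body_root == hash(body)`.
fn verify_proposal_bound(p: &MacroProposal, expected_block: u32) -> Result<(), ProposalError> {
    verify_proposal_unbound(p, expected_block)?;
    if p.header.body_root != p.body.root() {
        return Err(ProposalError::BodyRootMismatch);
    }
    Ok(())
}

/// Downstream consumer that assumes the binding already holds. A mismatch
/// here is treated as an invariant violation and panics: the crash.
fn commit_macro_block(p: &MacroProposal) -> BodyRoot {
    assert_eq!(
        p.header.body_root,
        p.body.root(),
        "invariant violated: header.body_root != hash(body)"
    );
    p.header.body_root
}

/// Run a proposal through the chosen verification path, then commit it.
/// Ok(body_root) if accepted and committed, Err if the checks rejected it.
/// With `bound == false` and a tampered proposal this panics.
fn process(p: &MacroProposal, expected_block: u32, bound: bool) -> Result<BodyRoot, ProposalError> {
    if bound {
        verify_proposal_bound(p, expected_block)?;
    } else {
        verify_proposal_unbound(p, expected_block)?;
    }
    Ok(commit_macro_block(p))
}

/// Constructed sample input: an honest proposal and a copy whose header
/// commits to a body root that does not match the body it carries.
fn sample_proposals() -> (MacroProposal, MacroProposal) {
    let body = MacroBody {
        validators: vec!["validator-a".into(), "validator-b".into()],
        transactions: vec!["tx-1".into()],
    };
    let honest = MacroProposal {
        header: MacroHeader { block_number: 120, body_root: body.root() },
        body: body.clone(),
    };
    let mut tampered = honest.clone();
    tampered.header.body_root ^= 0xdead_beef; // any value other than hash(body)
    (honest, tampered)
}

fn main() {
    let (honest, tampered) = sample_proposals();
    println!("honest, bound check:     {:?}", process(&honest, 120, true));
    println!("tampered, bound check:   {:?}", process(&tampered, 120, true));
    // Unbound path: the proposal is accepted and the consumer panics.
    let outcome = panic::catch_unwind(|| process(&tampered, 120, false));
    println!("tampered, unbound check: panicked = {}", outcome.is_err());
}
```

The practical lesson is where the check sits: a verifier that validates every header field but never recomputes the hash of the attached body has not verified the proposal at all, because the header's commitment is the only thing binding the two together. Any code that later dereferences `body_root` on the assumption that it matches the body is then one malformed message away from a panic.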

Affected Systems

The vulnerability affects the nimiq core-rs-albatross implementation of the Nimiq Proof‑of‑Stake blockchain. All validator nodes running versions older than 1.2.2 are susceptible. The fix is included in release v1.2.2.

Risk and Exploitability

The CVSS v3.1 score is 7.1 (High; vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). The EPSS score is below 1 %, so exploitation is considered unlikely at present, and the vulnerability is not listed in CISA's KEV catalog. An attacker must control a validator (hence PR:L) and be elected as proposer, but the malformed proposal travels over the network and is processed by the validators that receive it, so the crash lands on those honest validators rather than on the attacker's own node. Each crash is a denial of service for the affected node; the network tolerates a few validators going offline, but if enough of them are taken down at once, macro block production can be disrupted. As no workaround exists, the recommendation is to apply the patch.

Generated by OpenCVE AI on April 17, 2026 at 13:54 UTC.

Remediation

Vendor fix: upgrade core-rs-albatross to v1.2.2 or later, which adds the body root verification to the proposal checks. No workaround is available for earlier versions.

OpenCVE Recommended Actions

  • Apply the v1.2.2 patch or newer to all validator nodes.
  • Restart the validator services after the patch to clear any stale state.
  • Perform a network health check to confirm consensus remains functional and the node is participating normally.


Advisories

No advisories yet.

History

Tue, 03 Mar 2026 21:15:00 +0000

  Metrics added (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 12:15:00 +0000

  First Time appeared: Nimiq; Nimiq core-rs-albatross
  Vendors & Products added: Nimiq; Nimiq core-rs-albatross

Fri, 27 Feb 2026 21:30:00 +0000

  Description added: the text shown under Description at the top of this page
  Title added: nimiq/core-rs-albatross's nimiq-blockchain missing proposal body root verification
  Weaknesses added: CWE-354 (Improper Validation of Integrity Check Value)
  References: none recorded
  Metrics added (cvssV3_1): {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H'}

No values were removed in any of these entries.


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-03T20:31:59.946Z

Reserved: 2026-02-27T15:33:57.289Z

Link: CVE-2026-28402

Vulnrichment

Updated: 2026-03-03T20:31:55.709Z

NVD

Status: Awaiting Analysis

Published: 2026-02-27T22:16:23.343

Modified: 2026-03-02T20:30:10.923

Link: CVE-2026-28402

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T14:00:15Z

Weaknesses