Description
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest validators accept that proposal in verify_macro_block_proposal() because the proposal path validates header shape, successor relation, proposer, body root, and state, but never checks the interlink binding for election blocks. The same finalized block is later rejected by verify_block() during push with InvalidInterlink. Because validators prevote and precommit the malformed header hash itself, the failure happens after Tendermint decides the block, not before voting. This issue has been patched in version 1.3.0.
Published: 2026-04-03
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A validator can propose a macro block with an interlink that does not match the canonical next interlink. The block passes early verification in verify_macro_block_proposal, so honest validators prevote and precommit the proposal hash. Later, when the block is pushed, verify_block rejects it with an InvalidInterlink error, forcing the validator to discard a block it has already voted for. This mismatch can lead to temporary consensus instability or a denial of service condition, as validators waste time voting for a block that will eventually be rejected.

Affected Systems

The vulnerability affects the Rust implementation of the Nimiq Proof‑of‑Stake protocol, core‑rs‑albatross, in all releases prior to 1.3.0. The issue was fixed in the 1.3.0 release. Nodes running older versions should be upgraded to address the flaw.

Risk and Exploitability

The CVSS score of 4.9 indicates moderate severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation. The flaw is not yet listed in the KEV catalog of known exploited vulnerabilities. An attacker would need control over an elected validator to craft a malformed macro block; ordinary network or external attackers cannot trigger the issue. Consequently, the risk is moderate but the exploitability window is narrow.

Generated by OpenCVE AI on April 13, 2026 at 18:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to version 1.3.0 or later of nimiq/core-rs-albatross
  • Verify that the running node is using a patched release
  • If upgrading is not immediately possible, monitor for repeated failed block proposals and consider temporarily withdrawing the validator from the network until a patch can be applied

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 17:45:00 +0000

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:a:nimiq:core-rs-albatross:*:*:*:*:*:rust:*:*

Tue, 07 Apr 2026 00:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Nimiq; Nimiq core-rs-albatross

Type: Vendors & Products
Values Removed: (none)
Values Added: Nimiq; Nimiq core-rs-albatross

Mon, 06 Apr 2026 16:45:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 03 Apr 2026 22:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: the text given under Description at the top of this page

Type: Title
Values Removed: (none)
Values Added: nimiq/core-rs-albatross: Macro block proposal interlink bug

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-345

Type: References

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-06T15:42:21.027Z

Reserved: 2026-03-25T16:21:40.866Z

Link: CVE-2026-34061

Vulnrichment

Updated: 2026-04-06T15:37:20.339Z

NVD

Status: Analyzed

Published: 2026-04-03T23:17:03.940

Modified: 2026-04-13T17:41:37.357

Link: CVE-2026-34061

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:41:40Z

Weaknesses