CVE-2026-28402— nimiq/core-rs-albatross's nimiq-blockchain missing proposal body root verification
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-28402
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
nimiq/core-rs-albatross's nimiq-blockchain missing proposal body root verification
Source: NVD (National Vulnerability Database)
Vulnerability Description
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where `header.body_root` does not match the actual macro body hash. The proposal can pass proposal verification because the macro proposal verification path validates the header but does not validate the binding `body_root == hash(body)`; later code expects this binding and may panic on mismatch, crashing validators. Note that the impact is only for validator nodes. The patch for this vulnerability is formally released as part of v1.2.2. The patch adds the corresponding body root verification in the proposal checks. No known workarounds are available.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
完整性检查值验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
core-rs-albatross 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
core-rs-albatross是Nimiq开源的一个Albatross协议的Rust实现。 core-rs-albatross 1.2.2之前版本存在安全漏洞,该漏洞源于宏区块提案验证未检查header.body_root与实际宏体哈希的绑定,可能导致验证器节点崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| nimiq | core-rs-albatross | < 1.2.2 | - |
II. Public POCs for CVE-2026-28402
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-28402
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: core-rs-albatross
- CVE-2026-34069
nimiq-consensus panics via RequestMacroChain micro-block loc - CVE-2026-32605
Nimiq: Remote crash via off-by-one signer bounds check in pr - CVE-2026-40093
nimiq-blockchain is missing a wall-clock upper bound on bloc - CVE-2026-35468
nimiq/core-rs-albatross: Panic in history index request hand - CVE-2026-33184
nimiq/core-rs-albatross: Discovery handshake limit could und
Same vendor: nimiq
- CVE-2026-34068
nimiq-transaction: UpdateValidator transactions allows votin - CVE-2026-34067
nimiq-transaction vulnerable to panic via `HistoryTreeProof` - CVE-2026-34066
nimiq-blockchain: Peer-triggerable panic during history sync - CVE-2026-34065
nimiq-primitives: Node crash due to missing interlink valida - CVE-2026-34064
nimiq-account: Vesting insufficient funds error can panic
Same weakness: CWE-354
- CVE-2026-32148
Lockfile checksums not verified in Hex allows dependency int - CVE-2026-32105
xrdp: RDP MAC signature (dataSignature) never verified on re - CVE-2026-5479
wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag - CVE-2026-5504
PKCS7 CBC Padding Oracle — Plaintext Recovery - CVE-2026-26928
Lack of Dynamic Library Validation in SzafirHost
V. Comments for CVE-2026-28402
No comments yet