CVE-2026-40583— UltraDAG: SmartOp Vote Path Triggers Fatal Supply Invariant Halt
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40583
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
UltraDAG: SmartOp Vote Path Triggers Fatal Supply Invariant Halt
Source: NVD (National Vulnerability Database)
Vulnerability Description
UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
抛出异常的清理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
UltraDAG 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
UltraDAG是UltraDAGcom个人开发者的一个轻量级物联网区块链。 UltraDAG 0.1版本存在安全漏洞,该漏洞源于非理事会攻击者可以提交已签名的SmartOp::Vote交易,该交易通过签名、随机数和余额预检查,但在状态突变发生后才授权失败。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| UltraDAGcom | core | = 0.1 | - |
II. Public POCs for CVE-2026-40583
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40583
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: core
- CVE-2026-42278
UltraDAG: Smart Account Spending Policy Bypass via Pockets - CVE-2026-34578
OPNsense has an LDAP Injection via Unsanitized Username in A - CVE-2026-34762
Ella Core Has Audit Log Falsification via Path/Body IMSI Mis - CVE-2026-34761
Ella Core Panics Upon NGAP handover failure - CVE-2026-33907
Ella Core Panics during NAS Authentication Response/Failure
Same weakness: CWE-460
V. Comments for CVE-2026-40583
No comments yet