CVE-2026-34069

Published: Apr 14, 2026 Last Modified: Apr 14, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: low

Description

AI Translation Available

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the first locator hash on the victim’s main chain is a micro block hash (not a macro block hash) causes said panic. The RequestMacroChain::handle handler selects the locator based only on 'is on main chain', then calls get_macro_blocks() and panics via .unwrap() when the selected hash is not a macro block (BlockchainError::BlockIsNotMacro). This issue has been fixed in version 1.3.0.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0004
Percentile
0,1th
Updated

EPSS Score Trend (Last 3 Days)

617

Reachable Assertion

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Crash, Exit, Or Restart
Applicable Platforms
Languages: C, Java, Not Language-Specific, Rust
View CWE Details
https://github.com/nimiq/core-rs-albatross/commit/ae6c1e923…
https://github.com/nimiq/core-rs-albatross/commit/ae6c1e92342e72f80fd12accbe66e…
https://github.com/nimiq/core-rs-albatross/pull/3660
https://github.com/nimiq/core-rs-albatross/pull/3660
https://github.com/nimiq/core-rs-albatross/releases/tag/v1.…
https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0
https://github.com/nimiq/core-rs-albatross/security/advisor…
https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-48m6-486p-9…