VYPR
High severity8.2NVD Advisory· Published Apr 21, 2026· Updated Apr 27, 2026

CVE-2026-40583

CVE-2026-40583

Description

UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Ultradag/Ultradag2 versions
    cpe:2.3:a:ultradag:ultradag:0.1.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:ultradag:ultradag:0.1.0:*:*:*:*:*:*:*
    • (no CPE)range: =0.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.