VYPR

Core Rs Albatross

by Nimiq

Source repositories

CVEs (14)

  • CVE-2026-28402HigFeb 27, 2026
    risk 0.46cvss 7.1epss 0.00

    nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where `header.body_root`…

  • CVE-2026-46545HigJun 10, 2026
    risk 0.42cvss 7.5epss 0.00

    Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::put_chunk allows any state-sync peer to crash any node performing…

  • CVE-2026-46541HigJun 10, 2026
    risk 0.42cvss 7.5epss 0.00

    Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, iIn handle_dht_get(), the DhtResults accumulator is only initialized when the first DHT record passes verification. If the first record fails…

  • CVE-2026-40092HigMay 20, 2026
    risk 0.42cvss 7.5epss 0.01

    nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a…

  • CVE-2026-33184HigApr 3, 2026
    risk 0.42cvss 7.5epss 0.00

    nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, the discovery handler accepts a peer-controlled limit during handshake and stores it unchanged. The immediate HandshakeAck…

  • CVE-2025-47270HigMay 12, 2025
    risk 0.42cvss 7.5epss 0.01

    nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. The `nimiq-network-libp2p` subcrate of nimiq/core-rs-albatross is vulnerable to a Denial of Service (DoS) attack due to uncontrolled memory…

  • CVE-2026-46540MedJun 10, 2026
    risk 0.35cvss 6.5epss 0.00

    Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch() adopts a fork chain whose tip is a macro block (checkpoint or election), it only updates self.head but fails…

  • CVE-2026-46539MedJun 10, 2026
    risk 0.31cvss 5.9epss 0.00

    Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven causes the function to return true without performing any cryptographic verification when…

  • CVE-2026-46543MedJun 10, 2026
    risk 0.27cvss 5.3epss 0.00

    Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls…

  • CVE-2026-44505MedJun 10, 2026
    risk 0.27cvss 5.3epss 0.00

    Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle_dht_get (network-libp2p/src/swarm.rs). Prior to version 1.4.0, when a peer returns a FoundRecord, the…

  • CVE-2026-35468MedApr 3, 2026
    risk 0.27cvss 5.3epss 0.01

    nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call…

  • CVE-2026-34061MedApr 3, 2026
    risk 0.25cvss 4.9epss 0.00

    nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next…

  • CVE-2026-46542MedJun 10, 2026
    risk 0.21cvss 4.3epss 0.00

    Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize() in…

  • CVE-2026-40094MedMay 20, 2026
    risk 0.21cvss 4.3epss 0.00

    nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book, eventually leading to address book crash. A…