2 matches found
CVE-2026-28402 nimiq/core-rs-albatross's nimiq-blockchain missing proposal body root verification
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where header.bodyroot does not match the...
CVE-2026-28402
The CVE concerns nimiq/core-rs-albatross (Rust Nimiq implementation). Before version 1.2.2, a proposer could publish a macro block where header.body_root does not equal hash(body); the macro proposal verification path validates the header but not the binding, potentially causing validators to pan...