CVE-2026-44697

Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress data/batch/batch.go allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on...

CVE-2026-28402

The CVE concerns nimiq/core-rs-albatross (Rust Nimiq implementation). Before version 1.2.2, a proposer could publish a macro block where header.body_root does not equal hash(body); the macro proposal verification path validates the header but not the binding, potentially causing validators to pan...

CVE-2026-28402 nimiq/core-rs-albatross's nimiq-blockchain missing proposal body root verification

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where header.bodyroot does not match the...

PT-2026-22404

Name of the Vulnerable Software and Affected Versions nimiq/core-rs-albatross versions prior to 1.2.2 Description A malicious or compromised validator, if elected as a proposer, could publish a macro block proposal where the header.body root does not match the actual macro body hash. Proposal...