CVE-2026-28402
Received Received - Intake
Macro Block Proposal Validation Bypass in nimiq/core-rs-albatross Causes Validator Crash

Publication date: 2026-02-27

Last updated on: 2026-05-04

Assigner: GitHub, Inc.

Description
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where `header.body_root` does not match the actual macro body hash. The proposal can pass proposal verification because the macro proposal verification path validates the header but does not validate the binding `body_root == hash(body)`; later code expects this binding and may panic on mismatch, crashing validators. Note that the impact is only for validator nodes. The patch for this vulnerability is formally released as part of v1.2.2. The patch adds the corresponding body root verification in the proposal checks. No known workarounds are available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-27
Last Modified
2026-05-04
Generated
2026-06-16
AI Q&A
2026-02-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-28402
EUVD
EUVD-2026-9074
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nimiq nimiq_proof-of-stake to 1.2.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-354 The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the nimiq/core-rs-albatross Rust implementation of the Nimiq Proof-of-Stake protocol. Before version 1.2.2, a malicious or compromised validator elected as proposer can publish a macro block proposal where the header's body_root does not match the actual macro body hash.

The proposal can pass verification because the verification process checks the header but does not verify that the body_root equals the hash of the body. Later code assumes this binding is true and may panic if there is a mismatch, causing validator nodes to crash.

This issue affects only validator nodes and was fixed in version 1.2.2 by adding the missing body root verification in the proposal checks.

Impact Analysis

The vulnerability can cause validator nodes to crash due to a panic triggered by a mismatch between the header's body_root and the actual macro body hash in a macro block proposal.

Since the impact is limited to validator nodes, it can disrupt the operation and stability of those nodes, potentially affecting the consensus process and network reliability.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, you should upgrade your nimiq/core-rs-albatross validator nodes to version 1.2.2 or later, which includes the patch that adds the necessary body root verification in the proposal checks.

No known workarounds are available, so applying the official patch is the immediate recommended action.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28402. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart