CVE-2026-35468
Panic Vulnerability in nimiq/core-rs-albatross Consensus Handlers
Publication date: 2026-04-03
Last updated on: 2026-05-05
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nimiq | nimiq_proof-of-stake | From 1.2.2 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-252 | The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the nimiq/core-rs-albatross Rust implementation of the Nimiq Proof-of-Stake protocol. Before version 1.3.0, two peer-facing consensus request handlers incorrectly assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. However, this assumption is false because HistoryStoreProxy::history_index() can return None when the node is syncing or running without the history index. A remote peer can exploit this by sending specific requests (RequestTransactionsProof or RequestTransactionReceiptsByAddress) that trigger an Option::unwrap() panic, causing the node to crash or become unavailable.
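The unchecked pattern described above, next to a form that handles the missing index, as an added Rust example that is not code from nimiq/core-rs-albatross. `HistoryStore`, `HistoryIndex`, `HandlerError` and the handler functions are hypothetical stand-ins, and the sample data is constructed.

```rust
use std::collections::HashMap;
use std::panic;

// Simplified model of the pattern in the advisory. All types here are
// hypothetical stand-ins, not the nimiq/core-rs-albatross definitions.
struct HistoryIndex {
    proofs: HashMap<u64, String>, // constructed sample data: tx id -> proof
}

struct HistoryStore {
    index: Option<HistoryIndex>, // None while syncing or when the index is disabled
}

impl HistoryStore {
    fn history_index(&self) -> Option<&HistoryIndex> {
        self.index.as_ref()
    }
}

#[derive(Debug, PartialEq)]
enum HandlerError {
    IndexUnavailable,
}

// "Before": assumes the index always exists, so a peer request panics on None.
fn handle_unchecked(store: &HistoryStore, tx: u64) -> Option<String> {
    let index = store.history_index().unwrap();
    index.proofs.get(&tx).cloned()
}

// "After": a missing index becomes an error the caller can turn into a reply.
fn handle_checked(store: &HistoryStore, tx: u64) -> Result<Option<String>, HandlerError> {
    let index = store.history_index().ok_or(HandlerError::IndexUnavailable)?;
    Ok(index.proofs.get(&tx).cloned())
}

// True when the unchecked handler panics for this store state.
fn unchecked_panics(store: &HistoryStore, tx: u64) -> bool {
    panic::catch_unwind(panic::AssertUnwindSafe(|| handle_unchecked(store, tx))).is_err()
}

fn main() {
    let syncing = HistoryStore { index: None };
    let ready = HistoryStore {
        index: Some(HistoryIndex { proofs: HashMap::from([(7, "proof-7".to_string())]) }),
    };
    println!("unchecked panics while syncing: {}", unchecked_panics(&syncing, 7));
    println!("checked: {:?} / {:?}", handle_checked(&syncing, 7), handle_checked(&ready, 7));
}
```

In a handler with this shape, the `IndexUnavailable` error is what lets the node answer or drop the request while it is syncing instead of aborting.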
How can this vulnerability impact me?
This vulnerability can cause a denial of service (DoS) condition by crashing the node when it receives certain requests from a remote peer. Since the node panics due to an unhandled None value, it can become unavailable or unstable, potentially disrupting the blockchain network operations or services relying on this node.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade the nimiq/core-rs-albatross software to version 1.3.0 or later, where the issue has been patched.