CVE-2026-35468
Analyzed Analyzed - Analysis Complete

Panic Vulnerability in nimiq/core-rs-albatross Consensus Handlers

Vulnerability report for CVE-2026-35468, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-03

Last updated on: 2026-05-05

Assigner: GitHub, Inc.

Description

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. That assumption is false by construction. HistoryStoreProxy::history_index() explicitly returns None for the valid HistoryStoreProxy::WithoutIndex state. when a full node is syncing or otherwise running without the history index, a remote peer can send RequestTransactionsProof or RequestTransactionReceiptsByAddress and trigger an Option::unwrap() panic on the request path. This issue has been patched in version 1.3.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-03
Last Modified
2026-05-05
Generated
2026-07-06
AI Q&A
2026-04-04
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nimiq nimiq_proof-of-stake From 1.2.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-252 The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability exists in the nimiq/core-rs-albatross Rust implementation of the Nimiq Proof-of-Stake protocol. Before version 1.3.0, two peer-facing consensus request handlers incorrectly assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. However, this assumption is false because HistoryStoreProxy::history_index() can return None when the node is syncing or running without the history index. A remote peer can exploit this by sending specific requests (RequestTransactionsProof or RequestTransactionReceiptsByAddress) that trigger an Option::unwrap() panic, causing the node to crash or become unavailable.

Impact Analysis

This vulnerability can cause a denial of service (DoS) condition by crashing the node when it receives certain requests from a remote peer. Since the node panics due to an unhandled None value, it can become unavailable or unstable, potentially disrupting the blockchain network operations or services relying on this node.

Mitigation Strategies

To mitigate this vulnerability, upgrade the nimiq/core-rs-albatross software to version 1.3.0 or later, where the issue has been patched.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35468. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart