CVE-2026-35468
Analyzed Analyzed - Analysis Complete
Panic Vulnerability in nimiq/core-rs-albatross Consensus Handlers

Publication date: 2026-04-03

Last updated on: 2026-05-05

Assigner: GitHub, Inc.

Description
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. That assumption is false by construction. HistoryStoreProxy::history_index() explicitly returns None for the valid HistoryStoreProxy::WithoutIndex state. when a full node is syncing or otherwise running without the history index, a remote peer can send RequestTransactionsProof or RequestTransactionReceiptsByAddress and trigger an Option::unwrap() panic on the request path. This issue has been patched in version 1.3.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-03
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-04-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-35468
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nimiq nimiq_proof-of-stake From 1.2.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-252 The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in the nimiq/core-rs-albatross Rust implementation of the Nimiq Proof-of-Stake protocol. Before version 1.3.0, two peer-facing consensus request handlers incorrectly assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. However, this assumption is false because HistoryStoreProxy::history_index() can return None when the node is syncing or running without the history index. A remote peer can exploit this by sending specific requests (RequestTransactionsProof or RequestTransactionReceiptsByAddress) that trigger an Option::unwrap() panic, causing the node to crash or become unavailable.

Impact Analysis

This vulnerability can cause a denial of service (DoS) condition by crashing the node when it receives certain requests from a remote peer. Since the node panics due to an unhandled None value, it can become unavailable or unstable, potentially disrupting the blockchain network operations or services relying on this node.

Mitigation Strategies

To mitigate this vulnerability, upgrade the nimiq/core-rs-albatross software to version 1.3.0 or later, where the issue has been patched.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35468. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart