CVE-2026-40093 in core-rs-albatrossinfo

Zusammenfassung

von MITRE • 10.04.2026

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp >= parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MIN_PRODUCER_TIMEOUT for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps arbitrarily far in the future. This directly affects reward calculations via Policy::supply_at() and batch_delay() in blockchain/src/reward.rs, inflating the monetary supply beyond the intended emission schedule.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

09.04.2026

Veröffentlichung

10.04.2026

Moderieren

akzeptiert

Eintrag

VDB-356772

CPE

bereit

CWE

CWE-1284 (bestätigt)

CVSS

8.1 (CNA)

EPSS

0.00025

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-40093
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-40093
CVE Details	https://www.cvedetails.com/cve/CVE-2026-40093/

◂ Zurück Übersicht Weiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!