CVE-2026-35468 in core-rs-albatrossИнформация

Сводка (Английский)

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. That assumption is false by construction. HistoryStoreProxy::history_index() explicitly returns None for the valid HistoryStoreProxy::WithoutIndex state. when a full node is syncing or otherwise running without the history index, a remote peer can send RequestTransactionsProof or RequestTransactionReceiptsByAddress and trigger an Option::unwrap() panic on the request path. This issue has been patched in version 1.3.0.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Ответственный

GitHub_M

Резервировать

02.04.2026

Раскрытие

04.04.2026

Статус

Подтверждённый

Записи

VulDB provides additional information and datapoints for this CVE:

ИД	Уязвимость	CWE	Экс	Кон	CVE
355267	nimiq core-rs-albatross nimiq Proof-of-Stake Protocol blockchain.history_store.history_index эскалация привилегий	252	Не определено	Официальное исправление	CVE-2026-35468

Описание

CPE

CWE

CVSS

Эксплойты

История

Разница

Связать

Разведка угроз

API JSON

API XML

API CSV

Источники

◂ ПредыдущийОбзорДалее ▸

Want to know what is going to be exploited?

We predict KEV entries!