{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34061", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-25T16:21:40.866Z", "datePublished": "2026-04-03T22:07:40.969Z", "dateUpdated": "2026-04-06T15:42:21.027Z"}, "containers": {"cna": {"title": "nimiq/core-rs-albatross: Macro block proposal interlink bug", "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "lang": "en", "description": "CWE-345: Insufficient Verification of Data Authenticity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-gr83-j5f8-p2r5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-gr83-j5f8-p2r5"}, {"name": "https://github.com/nimiq/core-rs-albatross/pull/3668", "tags": ["x_refsource_MISC"], "url": "https://github.com/nimiq/core-rs-albatross/pull/3668"}, {"name": "https://github.com/nimiq/core-rs-albatross/commit/9d7d17c9163384e79f61cdbbfe9853ae57bb8bf7", "tags": ["x_refsource_MISC"], "url": "https://github.com/nimiq/core-rs-albatross/commit/9d7d17c9163384e79f61cdbbfe9853ae57bb8bf7"}, {"name": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0"}], "affected": [{"vendor": "nimiq", "product": "core-rs-albatross", "versions": [{"version": "< 1.3.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-03T22:07:40.969Z"}, "descriptions": [{"lang": "en", "value": "nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest validators accept that proposal in verify_macro_block_proposal() because the proposal path validates header shape, successor relation, proposer, body root, and state, but never checks the interlink binding for election blocks. The same finalized block is later rejected by verify_block() during push with InvalidInterlink. Because validators prevote and precommit the malformed header hash itself, the failure happens after Tendermint decides the block, not before voting. This issue has been patched in version 1.3.0."}], "source": {"advisory": "GHSA-gr83-j5f8-p2r5", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T15:37:16.058073Z", "id": "CVE-2026-34061", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T15:42:21.027Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34061", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T15:37:16.058073Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T15:37:20.339Z"}}], "cna": {"title": "nimiq/core-rs-albatross: Macro block proposal interlink bug", "source": {"advisory": "GHSA-gr83-j5f8-p2r5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "nimiq", "product": "core-rs-albatross", "versions": [{"status": "affected", "version": "< 1.3.0"}]}], "references": [{"url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-gr83-j5f8-p2r5", "name": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-gr83-j5f8-p2r5", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nimiq/core-rs-albatross/pull/3668", "name": "https://github.com/nimiq/core-rs-albatross/pull/3668", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nimiq/core-rs-albatross/commit/9d7d17c9163384e79f61cdbbfe9853ae57bb8bf7", "name": "https://github.com/nimiq/core-rs-albatross/commit/9d7d17c9163384e79f61cdbbfe9853ae57bb8bf7", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0", "name": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest validators accept that proposal in verify_macro_block_proposal() because the proposal path validates header shape, successor relation, proposer, body root, and state, but never checks the interlink binding for election blocks. The same finalized block is later rejected by verify_block() during push with InvalidInterlink. Because validators prevote and precommit the malformed header hash itself, the failure happens after Tendermint decides the block, not before voting. This issue has been patched in version 1.3.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345: Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-03T22:07:40.969Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34061", "state": "PUBLISHED", "dateUpdated": "2026-04-06T15:42:21.027Z", "dateReserved": "2026-03-25T16:21:40.866Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-03T22:07:40.969Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest validators accept that proposal in verify_macro_block_proposal() because the proposal path validates header shape, successor relation, proposer, body root, and state, but never checks the interlink binding for election blocks. The same finalized block is later rejected by verify_block() during push with InvalidInterlink. Because validators prevote and precommit the malformed header hash itself, the failure happens after Tendermint decides the block, not before voting. This issue has been patched in version 1.3.0."}], "id": "CVE-2026-34061", "lastModified": "2026-04-07T13:20:55.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-03T23:17:03.940", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/nimiq/core-rs-albatross/commit/9d7d17c9163384e79f61cdbbfe9853ae57bb8bf7"}, {"source": "security-advisories@github.com", "url": "https://github.com/nimiq/core-rs-albatross/pull/3668"}, {"source": "security-advisories@github.com", "url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-gr83-j5f8-p2r5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.3.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "core-rs-albatross", "source": "cna", "vendor": "nimiq"}, "product": "core-rs-albatross", "vendor": "nimiq"}], "analysis": {"en": {"generated_at": "2026-04-04T02:52:55.137787+00:00", "value": {"mitigation_remediation": ["Upgrade core\u2011rs\u2011albatross to version\u202f1.3.0 or later", "If an upgrade cannot be applied immediately, restrict the set of validators allowed to propose election macro blocks and monitor logs for InvalidInterlink errors", "Verify the validator set to eliminate rogue or malicious participants", "Follow any additional guidance from Nimiq security advisories and apply recommended best practices"], "summary": {"action": "Patch", "impact": "Consensus disruption and potential service interruption"}, "threat_synthesis": {"affected_systems": "All releases of the Rust implementation of the Nimiq Proof\u2011of\u2011Stake protocol, core\u2011rs\u2011albatross, prior to version\u202f1.3.0 are affected. The issue was fixed in v1.3.0 and subsequent releases.", "description_and_impact": "A flaw in the macro block validation logic permits a validator to submit an election macro block whose header interlink does not match the expected canonical interlink. Honest validators accept the proposal during the verification stage because the interlink binding is not checked for election blocks, but the block is later rejected during finalization with an InvalidInterlink error. This causes the block to be discarded after consensus has already been reached, disrupting the normal operation of the network.", "risk_and_exploitability": "The CVSS score of 4.9 indicates a moderate severity, and EPSS data is unavailable. The likely attack vector is a malicious or compromised validator that has been elected to propose an election macro block, so the threat is limited to insiders or colluding validators. The impact is a brief service interruption that may affect network stability, but widespread exploitation is expected to be low to moderate. The vulnerability is not listed in the KEV catalog, suggesting it has not yet been widely exploited."}}}}, "created": "2026-04-06T21:22:14.216428+00:00", "updated": "2026-04-06T22:21:51.458186+00:00", "vendors": ["nimiq", "nimiq$PRODUCT$core-rs-albatross"]}