Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-s3ah-w7ar-afhg
Summarynimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where `header.body_root` does not match the actual macro body hash. The proposal can pass proposal verification because the macro proposal verification path validates the header but does not validate the binding `body_root == hash(body)`; later code expects this binding and may panic on mismatch, crashing validators. Note that the impact is only for validator nodes. The patch for this vulnerability is formally released as part of v1.2.2. The patch adds the corresponding body root verification in the proposal checks. No known workarounds are available.
Aliases
0
alias CVE-2026-28402
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28402
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.01036
published_at 2026-06-13T12:55:00Z
1
value 9e-05
scoring_system epss
scoring_elements 0.0103
published_at 2026-06-12T12:55:00Z
2
value 9e-05
scoring_system epss
scoring_elements 0.01032
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28402
1
reference_url https://github.com/nimiq/core-rs-albatross/pull/3623
reference_id 3623
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:31:49Z/
url https://github.com/nimiq/core-rs-albatross/pull/3623
2
reference_url https://github.com/nimiq/core-rs-albatross/commit/6454c26d966858c5520f55739a30b94c17656c85
reference_id 6454c26d966858c5520f55739a30b94c17656c85
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:31:49Z/
url https://github.com/nimiq/core-rs-albatross/commit/6454c26d966858c5520f55739a30b94c17656c85
3
reference_url https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-7wh6-rmxx-ww47
reference_id GHSA-7wh6-rmxx-ww47
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:31:49Z/
url https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-7wh6-rmxx-ww47
4
reference_url https://github.com/nimiq/core-rs-albatross/releases/tag/v1.2.2
reference_id v1.2.2
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:31:49Z/
url https://github.com/nimiq/core-rs-albatross/releases/tag/v1.2.2
Weaknesses
0
cwe_id 354
name Improper Validation of Integrity Check Value
description The product does not validate or incorrectly validates the integrity check values or checksums of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
Exploits
Severity_range_score7.1 - 7.1
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-s3ah-w7ar-afhg