{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35468", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-02T20:49:44.452Z", "datePublished": "2026-04-03T22:10:06.156Z", "dateUpdated": "2026-04-06T17:22:04.161Z"}, "containers": {"cna": {"title": "nimiq/core-rs-albatross: Panic in history index request handlers when a full node runs without the history index", "problemTypes": [{"descriptions": [{"cweId": "CWE-252", "lang": "en", "description": "CWE-252: Unchecked Return Value", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-xr78-2jhh-9wf9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-xr78-2jhh-9wf9"}, {"name": "https://github.com/nimiq/core-rs-albatross/pull/3667", "tags": ["x_refsource_MISC"], "url": "https://github.com/nimiq/core-rs-albatross/pull/3667"}, {"name": "https://github.com/nimiq/core-rs-albatross/commit/0e5c90a6c75b722f3d6091769776a4040e694dba", "tags": ["x_refsource_MISC"], "url": "https://github.com/nimiq/core-rs-albatross/commit/0e5c90a6c75b722f3d6091769776a4040e694dba"}, {"name": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0"}], "affected": [{"vendor": "nimiq", "product": "core-rs-albatross", "versions": [{"version": "< 1.3.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-03T22:10:06.156Z"}, "descriptions": [{"lang": "en", "value": "nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. That assumption is false by construction. HistoryStoreProxy::history_index() explicitly returns None for the valid HistoryStoreProxy::WithoutIndex state. when a full node is syncing or otherwise running without the history index, a remote peer can send RequestTransactionsProof or RequestTransactionReceiptsByAddress and trigger an Option::unwrap() panic on the request path. This issue has been patched in version 1.3.0."}], "source": {"advisory": "GHSA-xr78-2jhh-9wf9", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T17:21:56.424442Z", "id": "CVE-2026-35468", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T17:22:04.161Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35468", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T17:21:56.424442Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T17:21:59.965Z"}}], "cna": {"title": "nimiq/core-rs-albatross: Panic in history index request handlers when a full node runs without the history index", "source": {"advisory": "GHSA-xr78-2jhh-9wf9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "nimiq", "product": "core-rs-albatross", "versions": [{"status": "affected", "version": "< 1.3.0"}]}], "references": [{"url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-xr78-2jhh-9wf9", "name": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-xr78-2jhh-9wf9", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nimiq/core-rs-albatross/pull/3667", "name": "https://github.com/nimiq/core-rs-albatross/pull/3667", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nimiq/core-rs-albatross/commit/0e5c90a6c75b722f3d6091769776a4040e694dba", "name": "https://github.com/nimiq/core-rs-albatross/commit/0e5c90a6c75b722f3d6091769776a4040e694dba", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0", "name": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. That assumption is false by construction. HistoryStoreProxy::history_index() explicitly returns None for the valid HistoryStoreProxy::WithoutIndex state. when a full node is syncing or otherwise running without the history index, a remote peer can send RequestTransactionsProof or RequestTransactionReceiptsByAddress and trigger an Option::unwrap() panic on the request path. This issue has been patched in version 1.3.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-252", "description": "CWE-252: Unchecked Return Value"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-03T22:10:06.156Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35468", "state": "PUBLISHED", "dateUpdated": "2026-04-06T17:22:04.161Z", "dateReserved": "2026-04-02T20:49:44.452Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-03T22:10:06.156Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nimiq:nimiq_proof-of-stake:*:*:*:*:*:rust:*:*", "matchCriteriaId": "F1D1AFE5-536A-424A-B7D3-AFCE79533E39", "versionEndIncluding": "1.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. That assumption is false by construction. HistoryStoreProxy::history_index() explicitly returns None for the valid HistoryStoreProxy::WithoutIndex state. when a full node is syncing or otherwise running without the history index, a remote peer can send RequestTransactionsProof or RequestTransactionReceiptsByAddress and trigger an Option::unwrap() panic on the request path. This issue has been patched in version 1.3.0."}], "id": "CVE-2026-35468", "lastModified": "2026-05-05T18:17:13.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-03T23:17:06.963", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nimiq/core-rs-albatross/commit/0e5c90a6c75b722f3d6091769776a4040e694dba"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nimiq/core-rs-albatross/pull/3667"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-xr78-2jhh-9wf9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-252"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.3.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "core-rs-albatross", "source": "cna", "vendor": "nimiq"}, "product": "core-rs-albatross", "vendor": "nimiq"}], "analysis": {"en": {"generated_at": "2026-04-09T17:33:00.054080+00:00", "value": {"mitigation_remediation": ["Update Nimiq core\u2011rs\u2011albatross to version\u202f1.3.0 or later to receive the fix for the panic condition.", "If an upgrade is not immediately possible, configure the node to enable the history index or restrict message handling so that unsupported requests are dropped instead of causing a panic.", "Verify that the node is operating with the history index enabled before exposing it to unknown peers to prevent accidental crashes."], "summary": {"action": "Immediate Patch", "impact": "Service disruption (node crash)"}, "threat_synthesis": {"affected_systems": "The issue affects the Rust implementation of the Nimiq Proof\u2011of\u2011Stake protocol, core-rs-albatross, in all versions prior to 1.3.0. Any deployment that operates a full node without a history index is potentially exposed.", "description_and_impact": "The vulnerability is an unchecked Option unwrap that triggers a panic in Nimiq core-rs-albatross when a full node handles certain consensus requests while running without the history index. This panic causes the node to terminate, effectively denying service to the network. Attacking the node can be accomplished by sending specific requests such as RequestTransactionsProof or RequestTransactionReceiptsByAddress that exercise the vulnerable path.", "risk_and_exploitability": "The CVSS score of 5.3 indicates medium severity, and the EPSS score is below 1\u202f%, suggesting a low but non\u2011zero likelihood of exploitation. The vulnerability is not listed in CISA's KEV catalog. The attack vector is inferred to be remote: a peer can trigger the panic by sending the relevant consensus requests to a node that lacks the history index. Exploitation requires the node to be configured without the history index, meaning the risk is limited to misconfigured deployments."}}}}, "created": "2026-04-06T21:22:12.099399+00:00", "updated": "2026-04-10T09:45:35.439031+00:00", "vendors": ["nimiq", "nimiq$PRODUCT$core-rs-albatross"]}