PT-2026-32505 · Nimiq · Core-Rs-Albatross
1Seal · Published 2026-04-13 · Updated 2026-04-14 · CVE-2026-32605
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
nimiq/core-rs-albatross versions prior to 1.3.0
Description
An untrusted peer can cause a validator to crash. This occurs when a signed Tendermint proposal message is published where the signer is equal to `validators.num_validators()`. The `ProposalSender::send()` function uses a greater-than operator instead of a greater-than-or-equal-to operator for the signer bounds check. This allows the equality case to proceed to the `validators.get_validator_by_slot_band(signer)` function, which triggers a panic due to an out-of-bounds index before signature verification occurs.
Recommendations
Update to version 1.3.0.
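The off-by-one in the Description, as an added Rust example (not code from core-rs-albatross): `Validators`, `Reject`, `sample` and the `lookup_*` functions are simplified, hypothetical stand-ins, and only the two method names mirror the advisory. It shows the `>` check panicking on the equality case, the `>=` check rejecting it, and a lookup that cannot panic because the container does the bounds check.

```rust
use std::panic;

// Simplified stand-in for the validator set (assumption): one key per slot band.
pub struct Validators { keys: Vec<[u8; 4]> }

#[derive(Debug, PartialEq)]
pub enum Reject { SignerOutOfRange }

impl Validators {
    pub fn num_validators(&self) -> usize { self.keys.len() }
    // Direct indexing: panics when `band` is not a valid index.
    pub fn get_validator_by_slot_band(&self, band: u16) -> [u8; 4] { self.keys[band as usize] }
}

// Constructed sample set with three validators (valid signers: 0, 1, 2).
pub fn sample() -> Validators { Validators { keys: vec![[1; 4], [2; 4], [3; 4]] } }

// Check as described for affected versions: `>` lets signer == num_validators() through.
pub fn lookup_gt(v: &Validators, signer: u16) -> Result<[u8; 4], Reject> {
    if signer as usize > v.num_validators() { return Err(Reject::SignerOutOfRange); }
    Ok(v.get_validator_by_slot_band(signer))
}

// Corrected comparison: `>=` rejects the equality case before any lookup.
pub fn lookup_ge(v: &Validators, signer: u16) -> Result<[u8; 4], Reject> {
    if signer as usize >= v.num_validators() { return Err(Reject::SignerOutOfRange); }
    Ok(v.get_validator_by_slot_band(signer))
}

// Alternative that cannot panic: `get` returns None for any out-of-range index.
pub fn lookup_checked(v: &Validators, signer: u16) -> Result<[u8; 4], Reject> {
    v.keys.get(signer as usize).copied().ok_or(Reject::SignerOutOfRange)
}

// True if the `>` variant panics for this signer (the crash the advisory describes).
pub fn gt_variant_panics(v: &Validators, signer: u16) -> bool {
    panic::catch_unwind(|| lookup_gt(v, signer)).is_err()
}

fn main() {
    let v = sample();
    let edge = v.num_validators() as u16; // the equality case
    println!("`>` check panics at signer {}: {}", edge, gt_variant_panics(&v, edge));
    println!("`>=` check: {:?}", lookup_ge(&v, edge));
    println!("checked lookup: {:?}", lookup_checked(&v, edge));
}
```

A regression test for this class of bug should always include the boundary value itself, not only values well inside and well outside the valid range.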
Fix
DoS
Out of bounds Read
Related Identifiers
Affected Products
Core-Rs-Albatross