CVE-2026-34069

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions nimiq/core-rs-albatross versions prior to 1.3.0

Description An unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. This occurs when a RequestMacroChain message is sent where the first locator hash on the victim's main chain is a micro block hash instead of a macro block hash. The RequestMacroChain::handle handler selects the locator based only on whether it is on the main chain, then calls get macro blocks() and panics via .unwrap() when the selected hash is not a macro block (BlockchainError::BlockIsNotMacro).

Recommendations Update to version 1.3.0.

Fix

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

CVE-2026-34069

GHSA-48M6-486P-9J8P

Affected Products

Core-Rs-Albatross

CVE-2026-34069

Weakness Enumeration

Related Identifiers

Affected Products

References · 10