CVE-2026-35468
Published: 03 April 2026
Summary
CVE-2026-35468 is a medium-severity Unchecked Return Value (CWE-252) vulnerability in Nimiq Proof-of-Stake (nimiq/core-rs-albatross). Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 19.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-11 (Error Handling).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly addresses the unchecked Option::unwrap() panic by requiring the system to handle errors from HistoryStoreProxy::history_index() without compromising availability.
Implements denial-of-service protections at peer-facing entry points to block or mitigate RequestTransactionsProof and RequestTransactionReceiptsByAddress messages that crash syncing nodes.
Ensures timely remediation of the specific flaw in consensus request handlers via patching to version 1.3.0, eliminating the vulnerable assumption about history index availability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated messages trigger panic/crash in public-facing node request handlers, directly enabling application exploitation for endpoint denial of service.
NVD Description
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. That assumption is false by construction. HistoryStoreProxy::history_index() explicitly returns None for the valid HistoryStoreProxy::WithoutIndex state. When a full node is syncing or otherwise running without the history index, a remote peer can send RequestTransactionsProof or RequestTransactionReceiptsByAddress and trigger an Option::unwrap() panic on the request path. This issue has been patched in version 1.3.0.
Deeper analysis
CVE-2026-35468 is a denial-of-service vulnerability in nimiq/core-rs-albatross, a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers incorrectly assume the history index is always available, directly calling blockchain.history_store.history_index().unwrap(). This assumption fails because HistoryStoreProxy::history_index() returns None in the valid HistoryStoreProxy::WithoutIndex state, such as when a full node is syncing or operating without the index. The issue corresponds to CWE-252 (Unchecked Return Value) and carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
A remote, unauthenticated attacker can exploit this vulnerability by sending RequestTransactionsProof or RequestTransactionReceiptsByAddress messages to a vulnerable full node in the specified state. This triggers an Option::unwrap() panic in the request handling path, causing the node to crash and temporarily disrupting availability.
The vulnerability has been addressed in version 1.3.0 of nimiq/core-rs-albatross. Security practitioners should upgrade to this patched release, as detailed in the project's security advisory (GHSA-xr78-2jhh-9wf9), the associated pull request (#3667), commit (0e5c90a6c75b722f3d6091769776a4040e694dba), and release notes.
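The unchecked pattern described above, next to one way of handling the `None` case, as an added example that is not code from core-rs-albatross or its 1.3.0 patch. Only `HistoryStoreProxy`, `WithoutIndex` and `history_index()` come from the advisory text; the `WithIndex` variant, the struct field, the `Response` type and the handler names are hypothetical stand-ins.

```rust
use std::collections::HashMap;
use std::panic;

// Simplified stand-ins for the types named in the advisory. Field, variant
// and handler names are hypothetical, not taken from core-rs-albatross.
pub struct HistoryIndex { receipts_by_address: HashMap<String, Vec<u64>> }

pub enum HistoryStoreProxy {
    WithIndex(HistoryIndex),
    WithoutIndex, // valid state, e.g. while a full node is syncing
}

impl HistoryStoreProxy {
    pub fn history_index(&self) -> Option<&HistoryIndex> {
        match self {
            Self::WithIndex(index) => Some(index),
            Self::WithoutIndex => None,
        }
    }
}

#[derive(Debug, PartialEq)]
pub enum Response {
    Receipts(Vec<u64>),
    IndexUnavailable, // hypothetical "cannot serve this request" reply
}

// Unchecked pattern: a peer-supplied request reaches unwrap() on None and panics.
pub fn handle_unchecked(store: &HistoryStoreProxy, address: &str) -> Response {
    let index = store.history_index().unwrap();
    Response::Receipts(index.receipts_by_address.get(address).cloned().unwrap_or_default())
}

// Checked pattern: the missing index becomes an ordinary reply to the peer.
pub fn handle_checked(store: &HistoryStoreProxy, address: &str) -> Response {
    match store.history_index() {
        Some(index) => Response::Receipts(index.receipts_by_address.get(address).cloned().unwrap_or_default()),
        None => Response::IndexUnavailable,
    }
}

// Returns true if the unchecked handler panics for the given store state.
pub fn unchecked_panics(store: &HistoryStoreProxy) -> bool {
    panic::catch_unwind(panic::AssertUnwindSafe(|| handle_unchecked(store, "addr"))).is_err()
}

fn main() {
    let syncing = HistoryStoreProxy::WithoutIndex;
    println!("checked: {:?}; unchecked panics: {}", handle_checked(&syncing, "addr"), unchecked_panics(&syncing));
}
```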
Details
- CWE(s)