Cyber Resilience

CVE-2026-4931

High

Published: 07 April 2026

Modified: 22 May 2026
KEV Added:
Patch:
CVSS Score v3.1: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N)
EPSS Score: 0.0026 (16.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-4931 is a high-severity Incorrect Conversion between Numeric Types (CWE-681) vulnerability in Marginal V1-Core. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Financial Theft (T1657). The CVE ranks at the 16.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

The Marginal v1 smart contract performs an unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1657 Financial Theft (Tactic: Impact)
Adversaries may steal monetary resources from targets through extortion, social engineering, technical theft, or other methods aimed at their own financial gain at the expense of the availability of these resources for victims.
Why these techniques?

Unsafe downcast in debt/asset settlement logic directly enables financial theft by allowing large positions to be closed at negligible cost.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

marginal v1-core, versions ≤ 1.0.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
