CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-33471: Consensus Quorum Bypass via Integer Truncation in Nimiq core-rs-albatross

Vulnerability ID: CVE-2026-33471
CVSS Score: 9.6
Published: 2026-04-22

An integer truncation vulnerability in the Nimiq Albatross Proof-of-Stake implementation allows a malicious validator to bypass the 2f+1 consensus quorum requirement. By crafting a BitSet with out-of-bounds indices that alias to the same 16-bit validator slot, an attacker can forge valid multi-signatures to finalize arbitrary blocks or manipulate chain liveness.

TL;DR

A critical flaw in core-rs-albatross prior to v1.3.0 permits integer truncation during multi-signature aggregation. Attackers with a single validator slot can use high-value indices that truncate to their valid slot, falsely inflating the signer count to bypass the consensus quorum.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-190, CWE-20, CWE-1284
  • Attack Vector: Network
  • CVSS v3.1: 9.6 (Critical)
  • Impact: Consensus Bypass, Remote Code Execution (State Transition Logic)
  • Exploit Status: Proof of Concept Available
  • CISA KEV: Not Listed

Affected Systems

  • Nimiq Proof-of-Stake Validators
  • Systems utilizing core-rs-albatross prior to v1.3.0
  • core-rs-albatross: < 1.3.0 (Fixed in: 1.3.0)

Code Analysis

Commit: d020590

Fix integer truncation and index aliasing in multisig verification

Mitigation Strategies

  • Upgrade core-rs-albatross to v1.3.0
  • Monitor serialized network proofs for anomalous BitSet indices exceeding Policy::SLOTS
  • Coordinate network-wide upgrades to avoid forks between patched and unpatched validators

Remediation Steps:

  1. Stop the running core-rs-albatross validator node.
  2. Fetch the v1.3.0 release from the official Nimiq repository.
  3. Compile or install the updated binary.
  4. Restart the validator and monitor consensus participation.
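The aliasing described above, and the range check behind the Policy::SLOTS monitoring item under Mitigation Strategies, as an added Rust example; it is not code from core-rs-albatross or from the fix commit. It uses a simplified model in which each BitSet index stands for one slot, and the `SLOTS` value of 512, the derived `QUORUM`, and all function and type names are assumptions made for illustration.

```rust
// Added illustration, not code from core-rs-albatross.
use std::collections::BTreeSet;

/// Assumed stand-in for Policy::SLOTS.
const SLOTS: usize = 512;
/// Assumed 2f+1 quorum: ceil(2 * SLOTS / 3) = 342.
const QUORUM: usize = (2 * SLOTS + 2) / 3;

#[derive(Debug, PartialEq)]
enum ProofError {
    IndexOutOfRange(usize),
    BelowQuorum(usize),
}

/// Flawed pattern: counts every set index as a signer, then resolves each
/// index to a slot with a truncating cast, so 7 and 7 + 65536 share slot 7.
fn truncating_count(indices: &[usize]) -> (usize, BTreeSet<u16>) {
    let slots = indices.iter().map(|&i| i as u16).collect();
    (indices.len(), slots)
}

/// Hardened pattern: reject any index outside 0..SLOTS, convert with a
/// checked conversion, and compare distinct slots against the quorum.
fn checked_signer_slots(indices: &[usize]) -> Result<BTreeSet<u16>, ProofError> {
    let mut slots = BTreeSet::new();
    for &i in indices {
        if i >= SLOTS {
            return Err(ProofError::IndexOutOfRange(i));
        }
        let slot = u16::try_from(i).map_err(|_| ProofError::IndexOutOfRange(i))?;
        slots.insert(slot);
    }
    if slots.len() < QUORUM {
        return Err(ProofError::BelowQuorum(slots.len()));
    }
    Ok(slots)
}

fn main() {
    // Constructed input: QUORUM indices that all truncate to slot 7.
    let aliased: Vec<usize> = (0..QUORUM).map(|k| 7 + k * 65536).collect();
    let (count, slots) = truncating_count(&aliased);
    println!("truncating: {} indices, {} distinct slot(s)", count, slots.len());
    println!("checked:    {:?}", checked_signer_slots(&aliased));
}
```

The same out-of-range test can be applied to deserialized proofs in monitoring: any index at or above the slot count is anomalous regardless of how many indices are set.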
