The vulnerability CVE-2026-28402 affects the nimiq/core-rs-albatross project, a Rust implementation of the Nimiq Proof-of-Stake consensus protocol based on the Albatross algorithm. Prior to version 1.2.2, the system fails to properly validate the integrity check value binding between the macro block proposal header's body_root field and the actual hash of the macro block body. Specifically, a malicious or compromised validator node acting as proposer can craft a macro block proposal where header.body_root does not match the hash of the macro body. The proposal verification process validates the header but omits verifying that body_root equals the hash of the body, allowing the malformed proposal to pass initial checks. However, subsequent code assumes this binding is valid and attempts to use it, which leads to a panic and crashes the validator node. This results in a denial-of-service condition for validator nodes processing the proposal. The vulnerability is classified under CWE-354 (Improper Validation of Integrity Check Value). Exploitation requires the attacker to have validator privileges and be elected proposer but does not require user interaction. The vulnerability has a CVSS v3.1 score of 7.1 (high severity), reflecting its network attack vector, low complexity, required privileges, and high impact on availability. The patch released in version 1.2.2 adds the missing verification step to ensure that the header.body_root matches the actual hash of the macro body during proposal validation, preventing malformed proposals from causing crashes. No known workarounds exist, so upgrading is essential. There are no known exploits in the wild at this time.

The primary impact of this vulnerability is a denial-of-service condition affecting validator nodes running vulnerable versions of nimiq/core-rs-albatross. By submitting a malformed macro block proposal with an invalid body root hash, a malicious or compromised validator acting as proposer can cause other validators to crash when processing the proposal. This can disrupt consensus operations, reduce network reliability, and potentially delay block finalization. Since the vulnerability affects only validator nodes, end users and non-validator nodes are not directly impacted. However, if multiple validators crash or are forced offline, the overall network security and availability could degrade, increasing the risk of further attacks or network instability. The requirement that the attacker be an elected proposer limits the attack surface but does not eliminate risk, especially in smaller or permissioned validator sets where a compromised validator could be more easily leveraged. The lack of workarounds means that vulnerable nodes remain exposed until patched, increasing operational risk for organizations running validator infrastructure. The impact on confidentiality and integrity is minimal, as the vulnerability does not allow data leakage or unauthorized data modification beyond the malformed proposal itself. The main concern is availability and network resilience.

The definitive mitigation is to upgrade all validator nodes running nimiq/core-rs-albatross to version 1.2.2 or later, which includes the patch that enforces proper validation of the body_root field against the macro body hash during proposal verification. Organizations should implement strict version control and update policies to ensure validators are not running vulnerable versions. Additionally, validators should monitor for abnormal crashes or panics that could indicate exploitation attempts. Network-level controls could be considered to restrict validator proposer roles to trusted entities, reducing the risk of malicious proposals. Implementing redundancy and failover mechanisms for validator nodes can help maintain network availability if some nodes crash. Since no workarounds exist, timely patching is critical. Validator operators should also audit their nodes for signs of compromise and ensure private keys and credentials are securely managed to prevent unauthorized proposer role abuse. Finally, participating in community security advisories and updates from the Nimiq project will help stay informed of any emerging threats or fixes.