Vulnerability in Ultradagcom Core

CVE-2026-40583

UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation h…

EPSS: 0.001 (24.7th percentile) — read the EPSS interpretation.

Affected products

Ultradagcom Core — versions = 0.1

Weakness classification (CWE)

References

https://github.com/UltraDAGcom/core/security/advisories/GHSA-q8wx-2crx-c7pp (x_refsource_CONFIRM)
https://github.com/UltraDAGcom/core/commit/2f5a3a237ea519b48d71e6e3093c89f60694c7be (x_refsource_MISC)
https://github.com/UltraDAGcom/core/commit/45bcf7064741897319b6196d3d9f9e1307093511 (x_refsource_MISC)