Auth bypass in Ultradagcom Core

CVE-2026-42278

UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "…

EPSS: 0.000 (4.5th percentile) — read the EPSS interpretation.

Affected products

Ultradagcom Core — versions < fb6ef59d6c1385400e7acea7ae31fc6a473c3051

Weakness classification (CWE)

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)