Non-Council Attacker Vulnerability in UltraDAG Blockchain by UltraDAG
CVE-2026-40583

8.8HIGH

Key Information:

Vendor

Ultradagcom

Status
Core
Vendor
CVE Published:
21 April 2026

What is CVE-2026-40583?

In the UltraDAG blockchain, version 0.1, a vulnerability allows a non-council attacker to successfully submit a signed SmartOp::Vote transaction. This transaction passes initial checks for signature, nonce, and balance, but the authorization is only validated after state mutation has occurred, potentially leading to unauthorized actions within the blockchain system.

Affected Version(s)

core = 0.1

References

https://github.com/UltraDAGcom/core/security/advisories/G...
x_refsource_CONFIRM
https://github.com/UltraDAGcom/core/commit/2f5a3a237ea519...
x_refsource_MISC
https://github.com/UltraDAGcom/core/commit/45bcf706474189...
x_refsource_MISC

CVSS V4

Score:
8.8
Severity:
HIGH
Confidentiality:
None
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.