Unsafe Downcasting Vulnerability in Marginal Protocol Smart Contracts
CVE-2026-4931

Currently unrated

Key Information:

Vendor: Marginal
Status: Marginal Smart Contract
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-4931?

The Marginal v1 smart contract is susceptible to a vulnerability due to unsafe downcasting of numeric types. This flaw enables malicious actors to exploit the system by settling large debt positions for minimal asset costs, creating a significant risk for financial loss. The incorrect conversion between numeric types can potentially lead to unintended behaviors in financial transactions, putting users at risk. It is crucial for developers and stakeholders to address this vulnerability promptly to safeguard their platforms.

Affected Version(s)

Marginal Smart Contract 1

References

https://cvefeed.io/cwe/detail/cwe-681-incorrect-conversio...

https://scs.owasp.org/SCWE/SCSVS-CODE/SCWE-041/

https://marginal.gitbook.io/docs

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-4931 Data

JSON