TechFlow reports that on April 21, security researcher Doyeon Park posted on X, disclosing a high-severity CVSS 7.1 zero-day vulnerability in the Cosmos consensus layer (CometBFT). This vulnerability could cause network nodes to stall during block synchronization, thereby impacting system operation—but it cannot directly lead to asset theft. Doyeon Park stated that they had made every effort to follow the Coordinated Vulnerability Disclosure (CVD) process; however, due to the project team’s lack of cooperation and its “irresponsible decision,” they ultimately chose to publicly disclose the vulnerability details, noting that any resulting security risks would be borne by the relevant project teams.
Add to Favorites
Share to Social Media
