Time
01:56
Researchers: Cosmos consensus layer CometBFT has a high-risk vulnerability, which was publicly disclosed due to vendor oversight.
April 22, 2026
CoinFeed News
CoinFeed reported on April 22 that security researcher Doyeon Park disclosed a high-risk zero-day vulnerability (CVSS 7.1) in CometBFT, the Cosmos consensus layer. The vulnerability could cause nodes to freeze during block synchronization, affecting a network protecting over $8 billion in assets. It does not allow for direct asset theft. Park stated that his attempts at coordinated vulnerability disclosure were unsuccessful because the vendor did not cooperate and refused to publicly report the issue, which led him to disclose the vulnerability publicly. The vendor had previously downgraded a similar vulnerability (CVE-2025-24371) to an "informative" level, disregarding international standards.