Security researchers disclose a CometBFT zero-day vulnerability that will not directly result in asset theft.

Security researcher Doyeon Park announced on X that he discovered and disclosed a high-severity CVSS 7.1 zero-day vulnerability in the Cosmos consensus layer (CometBFT). This vulnerability could cause network nodes to stall during block synchronization, thereby affecting system operation—but it cannot directly lead to asset theft. Doyeon Park stated that he made every effort to follow the Coordinated Vulnerability Disclosure (CVD) process; however, due to the project team’s lack of cooperation and “irresponsible decisions,” he ultimately chose to publicly disclose the vulnerability details, adding that any resulting security risks would be borne by the relevant project teams.