CVE-2026-4931

low-risk
Published 2026-04-07

Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost.

Do I need to act?

-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.8/10 Medium
NETWORK / HIGH complexity

References (5)

https://cvefeed.io/cwe/detail/cwe-681-incorrect-conversion-between-numeric-types
https://github.com/MarginalProtocol
https://marginal.gitbook.io/docs
https://medium.com/@clarkcorrin/cve-2026-4931-how-spearbits-cantina-denied-a-cri...
https://scs.owasp.org/SCWE/SCSVS-CODE/SCWE-041/
26
/ 100
low-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal