Security researcher Doyeon Park states that a CVSS 7.1 CometBFT zero-day can freeze Cosmos nodes during block synchronization, prompting validators to avoid restarts until a patch is released.
Security researcher Doyeon Park disclosed a high-risk zero-day vulnerability in CometBFT, the consensus layer used by Cosmos-based networks, affecting chains securing more than $8 billion in assets. The flaw has a CVSS 7.1 severity rating and can freeze nodes during block synchronization, disrupting chain operation, but Park said it cannot be used to steal assets directly. Park advised Cosmos validators not to restart nodes until a patch is available, which adds an immediate mitigation step to the previously reported risk.