CVE-2026-34068

CVE-2026-34068 is a medium-severity vulnerability in Nimiq Nimiq Proof-of-stake with a CVSS 3.x base score of 6.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-347.

Key facts

Description

nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts `UpdateValidator` transactions that set `new_voting_key=Some(...)` while omitting `new_proof_of_knowledge`. this skips the proof-of-knowledge requirement that is needed to prevent BLS rogue-key attacks when public keys are aggregated. Because tendermint macro block justification verification aggregates validator voting keys and verifies a single aggregated BLS signature against that aggregate public key, a rogue-key voting key in the validator set can allow an attacker to forge a quorum-looking justification while only producing a single signature. While the impact is critical, the exploitability is low: The voting keys are fixed for the epoch, so the attacker would need to know the next epoch validator set (chosen through VRF), which is unlikely. The patch for this vulnerability is included as part of v1.3.0. No known workarounds are available.

Frequently asked questions

What is CVE-2026-34068?
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts `UpdateValidator` transactions that set `new_voting_key=Some(...)` while omitting `new_proof_of_knowledge`. this skips the proof-of-knowledge requirement that is needed to prevent BLS rogue-key attacks when public keys are aggregated. Because tendermint macro block justification verification aggregates validator voting keys and verifies a single aggregated BLS signature against that aggregate public key, a rogue-key voting key in the validator set can allow an attacker to forge a quorum-looking justification while only producing a single signature. While the impact is critical, the exploitability is low: The voting keys are fixed for the epoch, so the attacker would need to know the next epoch validator set (chosen through VRF), which is unlikely. The patch for this vulnerability is included as part of v1.3.0. No known workarounds are available.
How severe is CVE-2026-34068?
CVE-2026-34068 has a CVSS 3.x base score of 6.8, rated medium severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity high, and availability none.
Is CVE-2026-34068 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (10th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2026-34068?
CVE-2026-34068 affects Nimiq Nimiq Proof-of-stake. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2026-34068?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2026-34068 have an EU (EUVD) identifier?
Yes. CVE-2026-34068 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-25086.
When was CVE-2026-34068 published?
CVE-2026-34068 was published on 2026-04-22 and last updated on 2026-06-17.

References

Affected products (1)

More vulnerabilities in Nimiq Nimiq Proof-of-stake

All CVEs affecting Nimiq Nimiq Proof-of-stake →

Other CWE-347 (Improper Verification of Cryptographic Signature) vulnerabilities

Browse all CWE-347 (Improper Verification of Cryptographic Signature) vulnerabilities →