CVE-2026-34069
CVE-2026-34069 is a medium-severity vulnerability in Nimiq Nimiq Proof-of-stake with a CVSS 3.x base score of 5.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-617.
Key facts
- Severity: Medium (CVSS 3.x base score 5.3)
- EPSS exploit prediction: 0% (21st percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-22160
- Weakness: CWE-617
- Affected product: Nimiq Nimiq Proof-of-stake
- Published:
- Last modified:
Description
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the first locator hash on the victim’s main chain is a micro block hash (not a macro block hash) causes said panic. The RequestMacroChain::handle handler selects the locator based only on "is on main chain", then calls get_macro_blocks() and panics via .unwrap() when the selected hash is not a macro block (BlockchainError::BlockIsNotMacro). This issue has been fixed in version 1.3.0.
Frequently asked questions
- What is CVE-2026-34069?
- nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the first locator hash on the victim’s main chain is a micro block hash (not a macro block hash) causes said panic. The RequestMacroChain::handle handler selects the locator based only on "is on main chain", then calls get_macro_blocks() and panics via .unwrap() when the selected hash is not a macro block (BlockchainError::BlockIsNotMacro). This issue has been fixed in version 1.3.0.
- How severe is CVE-2026-34069?
- CVE-2026-34069 has a CVSS 3.x base score of 5.3, rated medium severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability low.
- Is CVE-2026-34069 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (21st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2026-34069?
- CVE-2026-34069 affects Nimiq Nimiq Proof-of-stake. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2026-34069?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2026-34069 have an EU (EUVD) identifier?
- Yes. CVE-2026-34069 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-22160.
- When was CVE-2026-34069 published?
- CVE-2026-34069 was published on 2026-04-14 and last updated on 2026-06-17.
References
- https://github.com/nimiq/core-rs-albatross/commit/ae6c1e92342e72f80fd12accbe66ee80dd6802ac
- https://github.com/nimiq/core-rs-albatross/pull/3660
- https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0
- https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-48m6-486p-9j8p
Affected products (1)
- cpe:2.3:a:nimiq:nimiq_proof-of-stake:*:*:*:*:*:rust:*:*
More vulnerabilities in Nimiq Nimiq Proof-of-stake
- CVE-2026-33471 — Critical (CVSS 9.6): nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its…
- CVE-2026-40093 — High (CVSS 8.1): nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block…
- CVE-2026-34065 — High (CVSS 7.5): nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation.…
- CVE-2026-34063 — High (CVSS 7.5): Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p`…
- CVE-2026-32605 — High (CVSS 7.5): nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus…
- CVE-2026-33184 — High (CVSS 7.5): nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus…
All CVEs affecting Nimiq Nimiq Proof-of-stake →
Other CWE-617 (Reachable Assertion) vulnerabilities
- CVE-2020-3615 — Critical (CVSS 9.8): Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue…
- CVE-2019-9795 — Critical (CVSS 9.8): A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by…
- CVE-2026-31739 — High (CVSS 8.8): In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTO_ALG_ASYNC The…
- CVE-2020-12417 — High (CVSS 8.8): Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in…
- CVE-2020-6623 — High (CVSS 8.8): stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index.
- CVE-2020-6619 — High (CVSS 8.8): stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek.