CVE Catalog

CVE-2026-46543

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

11th percentile — higher than 11% of all known CVEs

Summary

Nimiq is a Rust implementation of the Proof-of-Stake protocol. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash.

Risk Assessment

An attacker can remotely crash a node, leading to disruption of the Nimiq network. This may affect the availability of services relying on this technology.

Recommendation

It is recommended to upgrade to version 1.5.0 or later to mitigate this vulnerability.

Original NVD description (English source)

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get_epoch_chunks which iterates backwards through macro blocks using Policy::macro_block_before. When it reaches the genesis block number, macro_block_before panics with "No macro blocks before genesis block". This issue has been patched in version 1.5.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS