CVE-2026-46543
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk11th percentile — higher than 11% of all known CVEs
Summary
Nimiq is a Rust implementation of the Proof-of-Stake protocol. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash.
Risk Assessment
An attacker can remotely crash a node, leading to disruption of the Nimiq network. This may affect the availability of services relying on this technology.
Recommendation
It is recommended to upgrade to version 1.5.0 or later to mitigate this vulnerability.
Original NVD description (English source)
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get_epoch_chunks which iterates backwards through macro blocks using Policy::macro_block_before. When it reaches the genesis block number, macro_block_before panics with "No macro blocks before genesis block". This issue has been patched in version 1.5.0.

