Vendor

Nimiq

4 briefs RSS

Nimiq Primitives Trie Chunk Processing Denial-of-Service (CVE-2026-46545)

A remote denial-of-service vulnerability (CVE-2026-46545) exists in Nimiq primitives where an unauthenticated peer can send a malicious chunk with an empty key, leading to a panic when `put_raw` attempts to store a value at the root node, causing the node process to abort.

nimiq-primitives denial-of-service rust

2r 1t 4w ago

medium advisory

Nimiq nimiq-keys Ed25519 Signature Length Vulnerability (CVE-2026-40092)

2 rules 1 TTP

A malicious network peer can crash a Nimiq full node by publishing a crafted Kademlia DHT record due to unchecked Ed25519 signature length in `TaggedPublicKey::verify` (CVE-2026-40092).

nimiq-keys dos nimiq signature-validation

2r 1t May 15, 2026

medium advisory

Nimiq Node Panic due to Invalid BLS Key

2 rules 3 TTPs

An unauthenticated peer can crash a Nimiq node by sending a malformed election macro block containing an invalid BLS voting key, leading to a denial of service.

nimiq-primitives denial-of-service nimiq bls

2r 3t Jan 24, 2024

medium advisory

Nimiq Block Skip Block Quorum Bypass Vulnerability

2 rules 1 TTP

A vulnerability exists in Nimiq Block's SkipBlockProof verification process, allowing attackers to bypass quorum checks by manipulating MultiSignature signers with out-of-range indices, potentially compromising blockchain integrity, and affecting rust/nimiq-block versions 0.2.0 and earlier.

nimiq-block blockchain quorum bypass nimiq rust

2r 1t Jan 2, 2024