QSearchQSearch

CVE-2026-46543

5.3 MEDIUM

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm

Published: 2026-06-10 · Last updated: 2026-06-10

Severity and scoring

CVSS
5.3 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE
CWE-617

Description

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get_epoch_chunks which iterates backwards through macro blocks using Policy::macro_block_before. When it reaches the genesis block number, macro_block_before panics with "No macro blocks before genesis block". This issue has been patched in version 1.5.0.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-46542 Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (4.3 MEDIUM)
  • CVE-2026-9750 An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal ... (6.5 MEDIUM)
  • CVE-2026-9749 This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning a... (6.5 MEDIUM)
  • CVE-2026-9748 The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion fa... (6.5 MEDIUM)
  • CVE-2026-9747 Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server (6.5 MEDIUM)