CVE-2026-46540

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...

CVE-2026-46540 Nimiq light-blockchain: Light blockchain rebranch issue

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...

CVE-2026-46539 nimiq-primitives: BlockInclusionProof interlink issue when hops are empty

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops...

GHSA-799F-29JM-GR6C nimiq-primitives: BlockInclusionProof interlink issue when hops are empty

Impact A logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election...

CVE-2026-34061

The CVE concerns nimiq/core-rs-albatross (Rust implementation of Nimiq PoS with Albatross). Before v1.3.0, an elected validator proposer could issue an election macro block whose header.interlink did not match the canonical next interlink. Honest validators accepted the proposal in verify_macro_b...