CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

Github Security Blog•added 2026/05/21 7:38 p.m.•4 views

nimiq-primitives: BlockInclusionProof interlink issue when hops are empty

Impact A logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election...

5.8AI score

Exploits0References5Affected Software1

ATTACKERKB•added 2026/04/22 7:45 p.m.•1 views

CVE-2026-34065

nimiq-primitives contains primitives e.g., block, account, transaction to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashi...

7.5CVSS5.7AI score0.00052EPSS

Exploits0References5Affected Software1

CVE•added 2026/04/22 7:45 p.m.•4 views

CVE-2026-34065

CVE-2026-34065 affects nimiq-primitives in Nimiq’s Rust implementation. Before version 1.3.0, an untrusted p2p peer could cause a node to panic by announcing an election macro block whose validators set includes an invalid compressed BLS voting key. Hashing the election macro header hashes the va...

7.5CVSS5.7AI score0.00052EPSS

Exploits0References4Affected Software1

EUVD•added 2026/04/22 7:19 p.m.•0 views

EUVD-2026-25062

nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals...

7.5CVSS5.7AI score0.00052EPSS

Exploits0References4

Positive Technologies•added 2026/04/22 12:0 a.m.•1 views

PT-2026-34546

Impact An untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashing an election macro header hashes validators and reaches Validators::voting keys, which calls validator.voting key.uncompress.unwr...

7.5CVSS5.8AI score0.00052EPSS

Exploits0References8

NVD•added 2026/04/14 12:16 a.m.•2 views

CVE-2026-34069

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the...

5.3CVSS0.00049EPSS

Exploits0References4

CVE•added 2026/04/13 11:55 p.m.•7 views

CVE-2026-34069

CVE-2026-34069 affects the Rust implementation of Nimiq’s PoS consensus (nimiq/core-rs-albatross). In versions 1.2.2 and earlier, an unauthenticated p2p peer can trigger a panic in the RequestMacroChain message handler when the first locator hash on the victim’s main chain is a micro block hash (...

5.3CVSS5.8AI score0.00049EPSS

Exploits0References4Affected Software1

OSV•added 2026/04/13 4:36 p.m.•2 views

GHSA-48M6-486P-9J8P nimiq-consensus panics via RequestMacroChain micro-block locator

Impact An unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic by sending a RequestMacroChain message where the first locator hash that is on the victim’s main chain is a micro block hash not a macro block hash. In RequestMacroChain::handle, the handler selects t...

5.3CVSS5.8AI score0.00049EPSS

Exploits0References6

Positive Technologies•added 2026/04/13 12:0 a.m.•5 views

PT-2026-32563

Name of the Vulnerable Software and Affected Versions nimiq/core-rs-albatross versions prior to 1.3.0 Description An unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. This occurs when a RequestMacroChain message is sent where the first locator hash on the...

5.3CVSS5.2AI score0.00049EPSS

Exploits0References10

RedhatCVE•added 2026/04/06 10:57 a.m.•1 views

CVE-2026-34061

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest...

6.5CVSS5.8AI score0.00027EPSS

Exploits0References1

NVD•added 2026/04/03 11:17 p.m.•1 views

CVE-2026-34061

6.5CVSS0.00027EPSS

Exploits0References4

EUVD•added 2026/04/03 10:7 p.m.•1 views

EUVD-2026-18895

4.9CVSS5.8AI score0.00027EPSS

Exploits0References4

CVE•added 2026/04/03 10:7 p.m.•4 views

CVE-2026-34061

The CVE concerns nimiq/core-rs-albatross (Rust implementation of Nimiq PoS with Albatross). Before v1.3.0, an elected validator proposer could issue an election macro block whose header.interlink did not match the canonical next interlink. Honest validators accepted the proposal in verify_macro_b...

6.5CVSS5.8AI score0.00027EPSS

Exploits0References4Affected Software1

ATTACKERKB•added 2026/04/03 10:7 p.m.•1 views

CVE-2026-34061

4.9CVSS5.8AI score0.00027EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/04/03 10:7 p.m.•2 views

CVE-2026-34061 nimiq/core-rs-albatross: Macro block proposal interlink bug

4.9CVSS5.8AI score0.00027EPSS

Exploits0References4

Positive Technologies•added 2026/04/03 12:0 a.m.•3 views

PT-2026-30254

4.9CVSS5.8AI score0.00027EPSS

Exploits0References5

RedhatCVE•added 2026/03/02 1:50 a.m.•1 views

CVE-2026-28402

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where header.bodyroot does not match the...

7.1CVSS6AI score0.00009EPSS

Exploits0References1

NVD•added 2026/02/27 10:16 p.m.•5 views

CVE-2026-28402

7.1CVSS0.00009EPSS

Exploits0References4