CVE-2026-34068

nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is...

CVE-2026-34068

Summary (CVE-2026-34068) Nimiq-transaction’s staking contract (Rust) prior to v1.3.0 accepts UpdateValidator transactions that set new_voting_key=Some(...) without including new_proof_of_knowledge, bypassing the PoK requirement used to prevent BLS rogue-key attacks in aggregated signatures. Since...

CVE-2026-34068 nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge

nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is...

PT-2026-34555

Impact The staking contract accepts UpdateValidator transactions that set new voting key=Some... while omitting new proof of knowledge. this skips the proof-of-knowledge requirement that is needed to prevent BLS rogue-key attacks when public keys are aggregated. Because tendermint macro block...

Nimiq 数据伪造问题漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Prior to Nimiq 1.3.0, there was a vulnerability related to data manipulation. This vulnerability stemmed from the UpdateValidator transaction in the nimiq-transaction where the was set with newvotingkey=Some…, but the...

Amazon S3 Encryption Client for Java has a Key Commitment Issue

Summary S3 Encryption Client for Java is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible Salamander...