CVE-2026-34066

EPSS 0.24%
Veröffentlicht 22.04.2026 19:47:49
Zuletzt bearbeitet 24.04.2026 17:12:43
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

nimiq-blockchain: Peer-triggerable panic during history sync

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStore::put_historic_txns` uses an `assert!` to enforce invariants about `HistoricTransaction.block_number` (must be within the macro block being pushed and within the same epoch). During history sync, a peer can influence the `history: &[HistoricTransaction]` input passed into `Blockchain::push_history_sync`, and a malformed history list can violate these invariants and trigger a panic. `extend_history_sync` calls `this.history_store.add_to_history(..)` before comparing the computed history root against the macro block header (`block.history_root()`), so the panic can happen before later rejection checks run. The patch for this vulnerability is included as part of v1.3.0. No known workarounds are available.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 3 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nimiq ≫ Nimiq Proof-of-stake SwPlatformrust Version < 1.3.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.15

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0

Release Notes

https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-j99g-7rqw-q9jg

Patch

Vendor Advisory

https://github.com/nimiq/core-rs-albatross/pull/3656

Patch

Issue Tracking

https://github.com/nimiq/core-rs-albatross/commit/6f5511309c199d84b012fe6b9aba7e5582892c50

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-34066

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-34066

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-34066

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-34066