8.1
CVE-2026-40093
- EPSS 0.31%
- Veröffentlicht 09.04.2026 21:16:11
- Zuletzt bearbeitet 24.04.2026 17:11:14
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
nimiq-blockchain is missing a wall-clock upper bound on block timestamps
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp >= parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MIN_PRODUCER_TIMEOUT for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps arbitrarily far in the future. This directly affects reward calculations via Policy::supply_at() and batch_delay() in blockchain/src/reward.rs, inflating the monetary supply beyond the intended emission schedule.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nimiq ≫ Nimiq Proof-of-stake SwPlatformrust Version < 1.3.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.229 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
CWE-1284 Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-49xc-52mp-cc9j