CVE-2026-46541

Published: Giu 10, 2026 Last Modified: Giu 10, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high

Description

AI Translation Available

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, iIn handle_dht_get(), the DhtResults accumulator is only initialized when the first DHT record passes verification. If the first record fails (from a malicious DHT node), DhtResults is never created, and all subsequent valid records are discarded with 'DHT inconsistent state' errors. This issue has been patched in version 1.4.0.

754

Improper Check for Unusual or Exceptional Conditions

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Availability
Potential Impacts:
Dos: Crash, Exit, Or Restart Unexpected State
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: Medium
View CWE Details
https://github.com/nimiq/core-rs-albatross/pull/3707
https://github.com/nimiq/core-rs-albatross/pull/3707
https://github.com/nimiq/core-rs-albatross/releases/tag/v1.…
https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0
https://github.com/nimiq/core-rs-albatross/security/advisor…
https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-ccqv-2c9q-m…