CVE-2026-46543

Published: Giu 10, 2026 Last Modified: Giu 10, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: low

Description

AI Translation Available

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get_epoch_chunks which iterates backwards through macro blocks using Policy::macro_block_before. When it reaches the genesis block number, macro_block_before panics with 'No macro blocks before genesis block'. This issue has been patched in version 1.5.0.

617

Reachable Assertion

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability

Potential Impacts:

Dos: Crash, Exit, Or Restart

Applicable Platforms

Languages: Not Language-Specific, C, Java, Rust

View CWE Details

https://github.com/nimiq/core-rs-albatross/pull/3745

https://github.com/nimiq/core-rs-albatross/releases/tag/v1.…

https://github.com/nimiq/core-rs-albatross/releases/tag/v1.5.0

https://github.com/nimiq/core-rs-albatross/security/advisor…

https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-vghx-352f-9…

CVE-2026-46543

Description

Reachable Assertion

Common Consequences

Applicable Platforms

Iscriviti alla newsletter