MEDIUM 4.3

CVE-2026-46542: Nimiq Ed25519 Denial-of-Service Vulnerability (Version 1.4.0 Patch)

Nimiq, a Rust-based blockchain implementation, contains a vulnerability in how it validates cryptographic keys used for multisig (multi-signature) operations. When the system processes Ed25519 public keys, it only checks that the key is 32 bytes long—the correct size—but doesn't verify that those bytes actually represent a valid point on the Ed25519 elliptic curve. An attacker can send a specially crafted, mathematically invalid public key that passes the length check. When the Nimiq node attempts to process this malformed key during multisig delinearization, the code crashes due to an uncaught exception, causing a denial-of-service condition. This affects Nimiq versions before 1.4.0.

Source data · NVD / CISA · public domain

CVSS
3.1 · 4.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Weaknesses (CWE)
CWE-617
Affected products
0 configuration(s)
Published / Modified
2026-06-10 / 2026-06-17

NVD description (verbatim)

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize() in keys/src/multisig/mod.rs called .unwrap() on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point on the Ed25519 curve. Ed25519PublicKey construction only validates byte length, not curve membership, so invalid keys can reach the delinearization path and crash the hosting process. This issue has been patched in version 1.4.0.

3 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The vulnerability stems from insufficient input validation in Ed25519PublicKey construction and subsequent unsafe unwrapping in the delinearization code path. Specifically, the constructor accepts any 32-byte sequence without verifying curve membership, and Ed25519PublicKey::delinearize() in keys/src/multisig/mod.rs calls .unwrap() on the result of curve point decompression. When decompression fails (because the bytes don't encode a valid Ed25519 point), the unwrap() panics, terminating the process. The attack surface is remote and unauthenticated: any peer sending a multisig message with a crafted invalid public key can trigger the crash. The flaw is categorized as CWE-617 (Reachable Assertion), reflecting the unsafe panic on attacker-controlled input.

Business impact

A remote, unauthenticated denial-of-service condition can crash Nimiq validator and full-node processes, disrupting consensus participation and network availability. Organizations running Nimiq infrastructure—such as stake pool operators, exchanges, or validators—face potential service downtime without timely patching. Because the attack requires only network access and no user interaction (beyond normal peer-to-peer communication), the barrier to exploitation is very low, making this a practical griefing vector for malicious participants or network disruptors.

Affected systems

Nimiq versions prior to 1.4.0 are vulnerable. The vendor product list is empty in the source data, indicating this is a direct upstream project issue. Any deployment running the Nimiq consensus implementation before the patched version—including validators, full nodes, and light clients that process multisig transactions—requires remediation.

Exploitability

Exploitability is straightforward. The attack is network-accessible (AV:N), requires no privileges (PR:N), has low complexity (AC:L), and does not require user interaction in the traditional sense (UI:R reflects the interaction model of network services). An attacker crafts a peer-to-peer message containing an invalid Ed25519 public key and sends it to a target node. The node will crash upon processing, making this a trivial denial-of-service with no authentication or special conditions required. The CVSS 3.1 score of 4.3 (MEDIUM) reflects the availability impact offset by the lack of confidentiality or integrity consequences.

Remediation

Upgrade to Nimiq version 1.4.0 or later. The patch adds proper curve membership validation to Ed25519PublicKey construction, preventing invalid keys from reaching the delinearization code. Additionally, the delinearization logic should be reviewed to ensure robust error handling rather than panicking on malformed input. Organizations should prioritize this upgrade across all Nimiq infrastructure—validators, full nodes, and any services relying on the consensus library.

Patch guidance

Apply Nimiq version 1.4.0 or newer to all affected instances. Verify the upgrade by confirming the version string and checking that the node resumes normal consensus participation. No known workarounds exist; patching is the only reliable mitigation. Test the upgrade in a non-production environment first to ensure compatibility with your operational setup, though version 1.4.0 is the direct fix and should not introduce breaking changes for standard deployments.

Detection guidance

Monitor Nimiq node logs for panics or crashes correlating with incoming peer-to-peer traffic, particularly around multisig message processing. Network-level detection could identify unusual Ed25519 key patterns in protocol messages, though this requires deep protocol inspection. Most practical: verify the Nimiq version running on your infrastructure and confirm all nodes have upgraded to 1.4.0 or later. If a crash is observed in earlier versions, treat it as a potential exploit attempt and proceed with emergency patching.

Why prioritize this

Although the CVSS score is MEDIUM (4.3), the practical risk is elevated: the attack is trivial to execute, requires no authentication, and can be repeated at negligible cost by an attacker. For any organization operating Nimiq validators or full nodes, unpatched instances represent an open availability target. The crash is instantaneous and can disrupt consensus; however, the impact is localized to availability (no data breach or integrity loss). Prioritize patching based on your operational role: validators should patch immediately to maintain network security; full nodes and service providers should follow within days.

Risk score, explained

The CVSS 3.1 score of 4.3 reflects a low-severity availability impact (A:L) with no confidentiality or integrity risk. The network-accessible, unauthenticated attack vector (AV:N/PR:N) and low complexity (AC:L) push the score into MEDIUM range despite the limited consequence scope. In practice, the vulnerability is more dangerous than the score alone suggests because it is a trivial remote denial-of-service with zero operational barriers; however, it does not compromise data or enable escalation. The score correctly captures that this is not a critical vulnerability, but organizations should not delay patching based on the MEDIUM rating alone.

Frequently asked questions

Can this vulnerability be exploited without network access?

No. The vulnerability is network-accessible (AV:N); an attacker must be able to send peer-to-peer messages to the Nimiq node, which requires network connectivity. However, because Nimiq nodes typically listen on the network by design, this is not a significant practical barrier.

Does the vulnerability compromise private keys or wallet funds?

No. The vulnerability is purely a denial-of-service condition that crashes the process. It does not leak private keys, steal funds, or corrupt the blockchain state. Once the node is restarted, it resumes normal operation. Upgrading prevents the crash.

What is the difference between Nimiq 1.3.x and 1.4.0?

Version 1.4.0 introduces validation of curve membership when constructing Ed25519 public keys, rejecting invalid keys before they reach the delinearization code. This prevents the crash. We recommend verifying the exact version number and change log against the official Nimiq repository to confirm patch details specific to your deployment.

If my node crashes, is the blockchain affected?

No. The crash affects only the individual node instance. The Nimiq blockchain and consensus continue on the network. When you restart the crashed node, it will re-sync and resume normal participation. However, frequent crashes disrupt your service availability and consensus stake.

This analysis is provided for informational purposes by SEC.co's security research team. The vulnerability description and affected versions are based on official vendor information as of the publication date. Organizations should verify patch compatibility and version numbers against the official Nimiq repository and security advisories before deployment. Exploit details and proof-of-concept code are not provided. This vulnerability is not currently tracked as actively exploited in the wild as of the analysis date, but the low barrier to exploitation means organizations should prioritize patching. No liability is assumed for loss or damage resulting from the use or misuse of this information. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).