MEDIUM 5.3

CVE-2026-46543: Nimiq Remote Node Crash Vulnerability

A flaw in Nimiq's full node implementation allows any remote attacker to crash a node by sending a specially crafted network message. The vulnerability exists in how the node processes requests about blockchain data when reaching the earliest block (genesis block), causing an unhandled panic that terminates the node. This is a network-level denial-of-service that requires no authentication and can be exploited by any peer on the Nimiq network.

Source data · NVD / CISA · public domain

CVSS
3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Weaknesses (CWE)
CWE-617
Affected products
0 configuration(s)
Published / Modified
2026-06-10 / 2026-06-17

NVD description (verbatim)

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get_epoch_chunks which iterates backwards through macro blocks using Policy::macro_block_before. When it reaches the genesis block number, macro_block_before panics with "No macro blocks before genesis block". This issue has been patched in version 1.5.0.

3 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-46543 is a denial-of-service vulnerability in Nimiq prior to version 1.5.0. When a full node receives a RequestBatchSet message containing the genesis block's hash, the message handler invokes get_epoch_chunks, which iterates backward through macro blocks using Policy::macro_block_before. The iteration terminates abnormally when the function attempts to locate a macro block before the genesis block—a logical impossibility—triggering a panic with the message "No macro blocks before genesis block". This unhandled exception crashes the node process. The root cause is insufficient boundary validation before traversing the blockchain's historical data structure.

Business impact

Widespread node crashes disrupt network participants' ability to validate transactions and maintain consensus. For operators running full nodes, this creates availability risk: any malicious or misconfigured peer can forcibly disconnect them from the network. In a Proof-of-Stake ecosystem, node downtime may trigger stake lockups, missed attestations, or slashing penalties depending on Nimiq's validator rules. Network health deteriorates if attackers systematically target nodes, reducing decentralization and increasing latency for legitimate users.

Affected systems

Nimiq full nodes running any version prior to 1.5.0 are vulnerable. The vulnerability is triggered by remote network messages, so any node listening on the network is at risk. Validators and full node operators maintaining the Nimiq blockchain are the primary affected parties.

Exploitability

The attack is trivial to execute: any network peer can craft and send a single RequestBatchSet message containing the genesis block's hash. No authentication, special privileges, or user interaction is required. The attack succeeds with low network latency and modest computational overhead. However, practical exploitation requires the attacker to be connected to or aware of target node addresses on the Nimiq peer-to-peer network. The CVSS score of 5.3 (Medium) reflects the ease of triggering a denial-of-service against availability, balanced against the absence of confidentiality or integrity impact.

Remediation

Upgrade Nimiq to version 1.5.0 or later. The patch addresses the boundary condition by properly validating whether a macro block exists before the requested position in the blockchain, preventing the panic from occurring. Node operators should treat this as a priority security update to restore resilience against denial-of-service attacks from untrusted network peers.

Patch guidance

1. Verify your current Nimiq version (consult your node's version output or logs). 2. If running a version prior to 1.5.0, obtain the patched release from the official Nimiq repository or package manager. 3. Back up your node's state and configuration before upgrading. 4. Stop the node gracefully, upgrade the binary or package, and restart. 5. Confirm the node rejoins the network and resumes normal operation. 6. Monitor logs for any anomalies during the first 24 hours post-upgrade.

Detection guidance

Monitor node logs for panic messages or crashes containing "No macro blocks before genesis block". Correlate timing of crashes with network activity logs to identify if a peer was recently connected before each incident. Implement network-level monitoring to detect unusual RequestBatchSet message patterns from specific peers. Track node uptime metrics; a sudden spike in crashes after a benign deployment change may indicate exploitation. Consider deploying a canary node on a test network to validate patches before production rollout.

Why prioritize this

Although this vulnerability scores MEDIUM on CVSS, prioritize patching because: (1) it is unauthenticated and remotely exploitable from any network peer, (2) full node uptime is critical to blockchain security and validator operations, (3) coordinated attacks could degrade network health, and (4) the fix is non-disruptive and available. Operators cannot mitigate via firewall or access controls; only upgrading resolves the flaw.

Risk score, explained

CVSS 5.3 reflects a vulnerability with network-based attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact is scoped to availability (A:L) with no confidentiality or integrity damage. The score is moderate rather than high because denial-of-service does not compromise data or systems beyond temporary unavailability. However, the ease of exploitation and importance of node availability in blockchain networks elevate the practical risk.

Frequently asked questions

Can an attacker steal my private keys or coins via this vulnerability?

No. This vulnerability only causes a denial-of-service crash; it does not grant access to private keys, wallets, or blockchain state. Your funds remain secure, but your node will be offline until restarted and upgraded.

Is there a workaround if I cannot upgrade immediately?

No fully protective workaround exists. Strict firewall rules limiting peer connections may reduce exposure, but cannot eliminate the risk since the vulnerability is triggered by legitimate protocol messages. Upgrade as soon as feasible.

How long has this been exploitable?

The vulnerability existed in all Nimiq versions prior to 1.5.0. The exact date when exploitation began in the wild is unknown, but the CVE was published on 2026-06-10 after the 1.5.0 patch was released.

Will upgrading cause me to lose my node data or validator stake?

No. Upgrading Nimiq to 1.5.0 preserves your blockchain state, validator identity, and stake. The upgrade is a security patch that does not alter the consensus rules or require re-syncing.

This analysis is provided for informational purposes and does not constitute legal, investment, or professional security advice. SEC.co makes no warranty regarding the accuracy, completeness, or timeliness of this information. Organizations must conduct their own risk assessments and consult official Nimiq advisories, patch documentation, and vendor guidance. Actual exploitation likelihood and impact vary by deployment context, network topology, and operational practices. Always verify patch availability and compatibility in your specific environment before deploying updates. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).