CVE-2026-46543— nimiq-blockchain: Genesis batch set request
Possible ATT&CK Techniques 1AI
T1499 · Endpoint Denial of ServiceAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| nimiq | core-rs-albatross | < 1.5.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-46543
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
nimiq-blockchain: Genesis batch set request
Source: NVD (National Vulnerability Database)
Vulnerability Description
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get_epoch_chunks which iterates backwards through macro blocks using Policy::macro_block_before. When it reaches the genesis block number, macro_block_before panics with "No macro blocks before genesis block". This issue has been patched in version 1.5.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
可达断言
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nimiq 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nimiq是Nimiq开源的一个Albatross协议的Rust实现。 Nimiq 1.5.0之前版本存在安全漏洞,该漏洞源于处理包含创世区块哈希的RequestBatchSet消息时,Policy::macro_block_before在到达创世区块时崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| nimiq | core-rs-albatross | < 1.5.0 | - |
II. Public POCs for CVE-2026-46543
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-46543
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-46543 (1)
Vendor Advisories for CVE-2026-46543 (1)
- 🔗 Genesis batch set request · Advisory · nimiq/core-rs-albatross · GitHubx_refsource_CONFIRM
Vendor Pages for CVE-2026-46543 (1)
Same Patch Batch · nimiq · 2026-06-09 · 7 CVEs total
| CVE-2026-46545 | 7.5 HIGH | nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item |
| CVE-2026-46541 | 7.5 HIGH | Nimiq network-libp2p: DHT query poisoning via first-record verification failure |
| CVE-2026-46540 | 6.5 MEDIUM | Nimiq light-blockchain: Light blockchain rebranch issue |
| CVE-2026-46539 | 5.9 MEDIUM | nimiq-primitives: BlockInclusionProof interlink issue when hops are empty |
| CVE-2026-44505 | 5.3 MEDIUM | Nimiq network-libp2p: Untrusted peer can wedge DHT |
| CVE-2026-46542 | 4.3 MEDIUM | nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points |
IV. Related Vulnerabilities
Same product: core-rs-albatross
- CVE-2026-46545
nimiq-primitives: Panic DoS in trie chunk processing via ROO - CVE-2026-46542
nimiq-keys: Denial of service in Ed25519 multisig delineariz - CVE-2026-46541
Nimiq network-libp2p: DHT query poisoning via first-record v - CVE-2026-46540
Nimiq light-blockchain: Light blockchain rebranch issue - CVE-2026-46539
nimiq-primitives: BlockInclusionProof interlink issue when h
Same vendor: nimiq
- CVE-2026-46545
nimiq-primitives: Panic DoS in trie chunk processing via ROO - CVE-2026-46542
nimiq-keys: Denial of service in Ed25519 multisig delineariz - CVE-2026-46541
Nimiq network-libp2p: DHT query poisoning via first-record v - CVE-2026-46540
Nimiq light-blockchain: Light blockchain rebranch issue - CVE-2026-46539
nimiq-primitives: BlockInclusionProof interlink issue when h
Same weakness: CWE-617
V. Comments for CVE-2026-46543
No comments yet