Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2026-46545— nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item

CVSS 7.5 · High EPSS 0.04% · P12

Possible ATT&CK Techniques 1AI

T1499 · Endpoint Denial of Service

Affected Version Matrix 1

VendorProductVersion RangeStatus
nimiqcore-rs-albatross< 1.5.0affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-46545

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item
Source: NVD (National Vulnerability Database)
Vulnerability Description
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::put_chunk allows any state-sync peer to crash any node performing state synchronization (freshly joining nodes and recovering nodes). This issue has been patched in version 1.5.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未捕获的异常
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nimiq 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nimiq是Nimiq开源的一个Albatross协议的Rust实现。 Nimiq 1.5.0之前版本存在安全漏洞,该漏洞源于MerkleRadixTrie::put_chunk中允许远程未认证攻击者使执行状态同步的节点崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
nimiqcore-rs-albatross < 1.5.0 -

II. Public POCs for CVE-2026-46545

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium
Qwen3.6-35B-A3B · 8334 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month

III. Intelligence Information for CVE-2026-46545

登录查看更多情报信息。

Patches & Fixes for CVE-2026-46545 (1)

Vendor Advisories for CVE-2026-46545 (1)

Vendor Pages for CVE-2026-46545 (1)

Same Patch Batch · nimiq · 2026-06-09 · 7 CVEs total

CVE-2026-465417.5 HIGHNimiq network-libp2p: DHT query poisoning via first-record verification failure
CVE-2026-465406.5 MEDIUMNimiq light-blockchain: Light blockchain rebranch issue
CVE-2026-465395.9 MEDIUMnimiq-primitives: BlockInclusionProof interlink issue when hops are empty
CVE-2026-465435.3 MEDIUMnimiq-blockchain: Genesis batch set request
CVE-2026-445055.3 MEDIUMNimiq network-libp2p: Untrusted peer can wedge DHT
CVE-2026-465424.3 MEDIUMnimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points

IV. Related Vulnerabilities

Same product: core-rs-albatross
Same vendor: nimiq
Same weakness: CWE-248

V. Comments for CVE-2026-46545

No comments yet

Leave a comment