


Perceptive Security
SOC/SIEM Consultancy

nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then i…
Published: 21 April 2026 at 22:00:00
Alert date: 22 April 2026 at 22:11:22
Source: nvd.nist.gov
Supply Chain & Dependencies, Emerging Technologies
A vulnerability in nimiq-block, part of Nimiq's Rust implementation, allows malicious validators to bypass skip block proof verification. The issue is in `SkipBlockProof::verify`, where `usize` indices are cast to `u16`, so out-of-range indices spaced 65536 apart collide onto the same slot during aggregation. An attacker with fewer than 2f+1 real signer slots can therefore pass verification by multiplying a single BLS signature. The vulnerability affects versions prior to 1.3.0 and is patched in that release; no workarounds are available.
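The counting mismatch described above, reduced to a toy model with the kind of bounds check that closes it. This is an added example, not nimiq-block's code or its patch; the slot count, the quorum value and every function name are constructed for illustration, and a `BTreeSet<usize>` stands in for the signer bitset.

```rust
use std::collections::BTreeSet;

// Constructed values for this sketch (n = 3f + 1 with f = 3), not from the advisory.
const SLOTS: usize = 10; // validator slots in the toy model
const QUORUM: usize = 7; // 2f + 1

/// Flawed pattern: the quorum test counts entries in the usize-indexed set,
/// although aggregation later addresses slots through a truncating `as u16`.
fn flawed_accepts(signers: &BTreeSet<usize>) -> bool {
    signers.len() >= QUORUM
}

/// Number of distinct slots the same set reaches once each index is cast to u16.
fn distinct_slots_after_cast(signers: &BTreeSet<usize>) -> usize {
    signers.iter().map(|&i| i as u16).collect::<BTreeSet<u16>>().len()
}

/// Hardened pattern: every index must convert to u16 without loss and name an
/// existing slot before it is counted. Returns the first offending index.
fn checked_accepts(signers: &BTreeSet<usize>) -> Result<bool, usize> {
    for &i in signers {
        match u16::try_from(i) {
            Ok(slot) if usize::from(slot) < SLOTS => {}
            _ => return Err(i),
        }
    }
    Ok(signers.len() >= QUORUM)
}

/// Constructed test input: QUORUM indices spaced 65536 apart, all aliasing slot 3.
fn constructed_colliding_set() -> BTreeSet<usize> {
    (0..QUORUM).map(|k| 3 + k * 65536).collect()
}

fn main() {
    let set = constructed_colliding_set();
    println!("entries counted:      {}", set.len());
    println!("flawed check accepts: {}", flawed_accepts(&set));
    println!("distinct u16 slots:   {}", distinct_slots_after_cast(&set));
    println!("checked result:       {:?}", checked_accepts(&set));
}
```

A regression test for any verifier of this shape can assert that the counted entries and the distinct slots after conversion are always equal.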
Affected products:
nimiq-block
Nimiq Rust implementation
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-33471
https://github.com/nimiq/core-rs-albatross/commit/d02059053181ed8ddad6b59a0adfd661ef5cd823
https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0
https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-6973-8887-87ff
This article was created with the assistance of AI technology by Perceptive.
