top of page
perceptive_background_267k.jpg

Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` discovery uses a libp2p `ConnectionHandler` s…

Published:

21 April 2026 at 22:00:00

Alert date:

22 April 2026 at 22:11:22

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Emerging Technologies

CVE-2026-34063 affects Nimiq's network-libp2p implementation prior to version 1.3.0. The vulnerability occurs in the libp2p ConnectionHandler state machine which assumes at most one inbound and outbound discovery substream per connection. When a remote peer opens a discovery protocol substream a second time on the same connection, the handler triggers a panic condition instead of failing closed. This causes a remote crash of the networking task, taking the node's p2p networking offline until manual restart. The vulnerability allows remote attackers to cause denial of service by disrupting peer-to-peer networking functionality. A patch is available in version 1.3.0 with no known workarounds.

Technical details

Mitigation steps:

Affected products:

Nimiq network-libp2p

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-34063
https://github.com/nimiq/core-rs-albatross/commit/e0d4e01994f061bf41d3c2835bc74040d3c084f5
https://github.com/nimiq/core-rs-albatross/pull/3666
https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0
https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-74hp-mhfx-m45h

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page