top of page
perceptive_background_267k.jpg

nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p pee…

Published:

21 April 2026 at 22:00:00

Alert date:

22 April 2026 at 22:11:22

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Supply Chain & Dependencies

A vulnerability in nimiq-primitives prior to version 1.3.0 allows untrusted P2P peers to cause node panics by announcing election macro blocks with invalid compressed BLS voting keys. The issue occurs when hashing election macro headers that contain invalid validator voting keys, causing the validator.voting_key.uncompress().unwrap() function to panic on invalid bytes. This vulnerability affects Nimiq's Rust implementation and has been patched in version 1.3.0 with no known workarounds available.

Technical details

Mitigation steps:

Affected products:

nimiq-primitives
Nimiq Rust implementation

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-34065
https://github.com/nimiq/core-rs-albatross/commit/e10eaebcd7774e5da6d0ff5e88ed13503474f0ff
https://github.com/nimiq/core-rs-albatross/pull/3662
https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0
https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-7c4j-2m43-2mgh

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page