CVE-2026-34069
MEDIUM
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Description (NVD)
Impact
An unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic by sending a RequestMacroChain message where the first locator hash that is on the victim’s main chain is a micro block hash (not a macro block hash).
In RequestMacroChain::handle, the handler selects the locator based only on "is on main chain", then calls get_macro_blocks() and panics via .unwrap() when the selected hash is not a macro block (BlockchainError::BlockIsNotMacro).
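The failure pattern described above, as an added example that is not code from the Nimiq repository or from the referenced patch: a toy chain model in which `Chain`, `Kind`, `handle_unpatched`, `handle_hardened` and `sample_chain` are hypothetical names, with an unwrap-on-peer-input handler next to a variant that returns the error to the caller.

```rust
// Toy model, constructed for illustration; none of these types are Nimiq's own.
#[derive(PartialEq)]
enum Kind { Macro, Micro }

#[derive(Debug, PartialEq)]
enum BlockchainError { BlockIsNotMacro }

struct Chain { main: Vec<(u32, Kind)> } // ordered (hash, kind) pairs

impl Chain {
    fn on_main_chain(&self, hash: u32) -> bool {
        self.main.iter().any(|b| b.0 == hash)
    }
    // Stand-in for get_macro_blocks(): macro hashes after `start`, Err if `start` is not macro.
    fn get_macro_blocks(&self, start: u32) -> Result<Vec<u32>, BlockchainError> {
        match self.main.iter().position(|b| *b == (start, Kind::Macro)) {
            Some(pos) => Ok(self.main[pos + 1..].iter()
                .filter(|b| b.1 == Kind::Macro).map(|b| b.0).collect()),
            None => Err(BlockchainError::BlockIsNotMacro),
        }
    }
}

// Pattern from the advisory: select on "is on main chain" only, then unwrap().
// A micro block hash reaches unwrap() as Err(BlockIsNotMacro) and the task panics.
fn handle_unpatched(chain: &Chain, locators: &[u32]) -> Vec<u32> {
    match locators.iter().copied().find(|h| chain.on_main_chain(*h)) {
        Some(start) => chain.get_macro_blocks(start).unwrap(),
        None => Vec::new(),
    }
}

// Hardened variant (an assumption, not the project's patch): the lookup error is
// returned to the caller, which can drop the request instead of crashing.
fn handle_hardened(chain: &Chain, locators: &[u32]) -> Result<Vec<u32>, BlockchainError> {
    match locators.iter().copied().find(|h| chain.on_main_chain(*h)) {
        Some(start) => chain.get_macro_blocks(start),
        None => Ok(Vec::new()),
    }
}

fn sample_chain() -> Chain {
    use Kind::{Macro, Micro};
    Chain { main: vec![(10, Macro), (11, Micro), (12, Micro), (20, Macro), (21, Micro), (30, Macro)] }
}

fn main() {
    let chain = sample_chain();
    println!("macro locator, unpatched: {:?}", handle_unpatched(&chain, &[99, 10]));
    println!("micro locator, hardened:  {:?}", handle_hardened(&chain, &[99, 11]));
}
```

When reviewing message handlers for this class of bug, look for `.unwrap()` or `.expect()` on any `Result` whose error variant can be selected by values taken from a peer message.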
Patches
The [patch for this vulnerability](https://github.com/nimiq/core-rs-albatross/pull/3660) is formally released as part of v1.3.0.
Workarounds
No known workarounds.
Analysis (AI)
Denial of service in Nimiq Core consensus peer handler allows unauthenticated remote attackers to crash the RequestMacroChain message handler by sending a crafted message where the first locator hash on the victim's main chain is a micro block instead of a macro block, triggering an unhandled panic via unwrap() on BlockIsNotMacro error. Vendor-released patch: v1.3.0. …
GHSA-48m6-486p-9j8p