Skip to main content

nimiq-keys CVE-2026-46542

MEDIUM
Reachable Assertion (CWE-617)
2026-05-21 https://github.com/nimiq/core-rs-albatross GHSA-h9cc-w26m-j342
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

2
Source Code Evidence Fetched
May 21, 2026 - 20:33 vuln.today
Analysis Generated
May 21, 2026 - 20:33 vuln.today

DescriptionNVD

Impact

A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize() in keys/src/multisig/mod.rs called .unwrap() on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point on the Ed25519 curve. Ed25519PublicKey construction only validates byte length, not curve membership, so invalid keys can reach the delinearization path and crash the hosting process.

A secondary panic existed in Commitment::From<[u8; 32]>, which similarly called .unwrap() on a failing curve point decompression.

Who is affected: Browser and desktop wallet users of the web-client WASM library and the nimiq-wallet crate, when initiating a multisig operation with an attacker-supplied public key. An attacker must convince the user to include a crafted public key in a multisig setup - this is not a remotely triggerable node/validator crash.

Who is NOT affected: Validator nodes, consensus, blockchain, mempool, and networking code. There is no on-chain multisig account type; multisig is a purely client-side construct, and no validator/consensus code calls the multisig delinearization path.

Patches

See PR.

Workarounds

No code-level workaround exists short of the patch. Users of wallet applications can mitigate exposure by only performing multisig operations with public keys received from trusted sources.

Resources

  • Affected code: keys/src/multisig/mod.rs, keys/src/multisig/commitment.rs

AnalysisAI

Process crash in the nimiq-keys Rust crate (versions below 1.4.0) occurs when the Ed25519 multisig delinearization path receives a 32-byte public key that is length-valid but does not represent a valid point on the Edwards25519 curve, triggering a Rust .unwrap() panic that kills the hosting wallet process. Affected users are those running the Nimiq web-client WASM library or nimiq-wallet crate who can be persuaded by an attacker to include a crafted key in a multisig setup; validator nodes and all consensus infrastructure are explicitly out of scope. No public exploit has been identified at time of analysis, and no KEV listing exists, indicating this has not been broadly weaponized.

Technical ContextAI

The affected package is the nimiq-keys Rust crate (pkg:rust/nimiq-keys), specifically the multisig code in keys/src/multisig/mod.rs and keys/src/multisig/commitment.rs. Ed25519 uses points on the Edwards25519 elliptic curve; a 32-byte byte sequence can be syntactically well-formed (passing length checks) without being a valid compressed curve point. The original Ed25519PublicKey construction validated only byte length, not curve membership (the CWE-617 'Reachable Assertion' root cause class), so a malformed key could traverse the full call chain to Ed25519PublicKey::delinearize(), where .unwrap() on the failed curve point decompression would panic the Rust process. A secondary identical panic existed in Commitment::From<[u8; 32]>. The patch (PR #3713, commit 3bc449a) converts From to TryFrom and propagates errors as Result<_, PartialSignatureError::InvalidCurvePoint> throughout the multisig call chain, eliminating all reachable panics in this path.

RemediationAI

Upgrade nimiq-keys to version 1.4.0 or later, the confirmed vendor-released patch that resolves both the primary panic in Ed25519PublicKey::delinearize() and the secondary panic in Commitment::From<[u8; 32]> by replacing .unwrap() calls with proper Result-based error propagation. The patch is available via PR https://github.com/nimiq/core-rs-albatross/pull/3713, commit https://github.com/nimiq/core-rs-albatross/commit/3bc449a8138960c4de6bfd506bad1730c621d4de, and the tagged release at https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0. No code-level workaround exists short of the patch. As a behavioral mitigation prior to patching, wallet users should restrict multisig operations exclusively to public keys obtained from trusted and independently verified sources, which reduces the attack surface by limiting the attacker's key-delivery vector but does not eliminate the underlying vulnerability.

Share

CVE-2026-46542 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy