CVE-2026-34067
Awaiting Analysis Awaiting Analysis - Queue
Assertion Panic in nimiq-transaction Proof Verification Causes DoS

Publication date: 2026-04-22

Last updated on: 2026-04-24

Assigner: GitHub, Inc.

Description
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryTreeProof::verify` panics on a malformed proof where `history.len() != positions.len()` due to `assert_eq!(history.len(), positions.len())`. The proof object is derived from untrusted p2p responses (`ResponseTransactionsProof.proof`) and is therefore attacker-controlled at the network boundary until validated. A malicious peer could trigger a crash by returning a crafted inclusion proof with a length mismatch. The patch for this vulnerability is included as part of v1.3.0. No known workarounds are available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-04-24
Generated
2026-06-19
AI Q&A
2026-04-23
EPSS Evaluated
2026-06-18
NVD
CVE-2026-34067
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nimiq nimiq_proof-of-stake to 1.3.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

An attacker controlling a malicious peer in the network can exploit this vulnerability to cause the application using nimiq-transaction to crash by sending a specially crafted proof with mismatched lengths.

This results in a denial of service (DoS) condition, where the affected software becomes unavailable or unstable due to the crash.

The CVSS score indicates a low severity impact (Base Score 3.1) with no confidentiality or integrity loss, but with low availability impact.

Mitigation Strategies

The vulnerability is fixed in version 1.3.0 of nimiq-transaction. Immediate mitigation involves upgrading to version 1.3.0 or later.

No known workarounds are available.

Executive Summary

This vulnerability exists in the nimiq-transaction Rust implementation prior to version 1.3.0. Specifically, the function HistoryTreeProof::verify panics when it receives a malformed proof where the length of the history does not match the length of the positions. This mismatch triggers an assertion failure (assert_eq!(history.len(), positions.len())).

The proof object being verified is derived from untrusted peer-to-peer network responses, meaning an attacker controlling a malicious peer can craft a proof with this length mismatch. When the vulnerable code attempts to verify this malicious proof, it causes the program to crash.

This vulnerability was fixed in version 1.3.0 of nimiq-transaction. There are no known workarounds.

Compliance Impact

The vulnerability causes a denial of service (application crash) when processing malformed proofs from untrusted network peers. It does not impact confidentiality, integrity, or availability beyond causing a crash.

Since the vulnerability does not lead to data leakage, unauthorized access, or data modification, it is unlikely to directly affect compliance with standards such as GDPR or HIPAA, which focus on protecting personal data privacy and security.

However, denial of service conditions could indirectly affect availability requirements under some regulations, but given the low CVSS impact score and limited scope, this impact is minimal.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34067. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart