CVE-2026-34069
Panic Vulnerability in nimiq/core-rs-albatross RequestMacroChain Handler
Publication date: 2026-04-14
Last updated on: 2026-04-24
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nimiq | nimiq_proof-of-stake | to 1.3.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
The vulnerability in CVE-2026-34069 occurs in the Nimiq core-rs-albatross blockchain implementation, specifically in the RequestMacroChain message handler. An unauthenticated peer can send a RequestMacroChain message containing a locator list where the first hash is a micro block hash instead of the expected macro block hash. The handler incorrectly accepts any on-chain block hash without verifying its type and then calls a function that expects only macro block hashes. This causes a panic because the function cannot handle micro block hashes, leading to an unhandled assertion failure.
The issue was fixed by adding a validation step that ensures only macro block hashes are accepted in the locator list. If a micro block hash is encountered, it is skipped, preventing the panic condition.
How can this vulnerability impact me? :
This vulnerability allows an unauthenticated remote attacker to cause a denial of service by crashing the RequestMacroChain message handler task. The panic triggered by sending a micro block hash instead of a macro block hash causes the application to fail unexpectedly, potentially disrupting the normal operation of the blockchain node.
The impact is limited to availability, with no effect on confidentiality or integrity, and the severity is rated as moderate with a CVSS base score of 5.3.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for panic crashes in the RequestMacroChain message handler of the nimiq/core-rs-albatross implementation when processing peer-to-peer messages.
Specifically, detection involves identifying RequestMacroChain messages that contain locator hashes where the first hash is a micro block hash instead of a macro block hash.
Since the vulnerability causes a panic when such a message is processed, observing application logs or crash reports for panics related to BlockchainError::BlockIsNotMacro or unhandled assertion failures in the RequestMacroChain handler can indicate exploitation attempts.
There are no explicit commands provided in the resources to detect this vulnerability on the network or system.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the nimiq/core-rs-albatross or nimiq-consensus package to version 1.3.0 or later, where the vulnerability has been fixed.
The fix includes validation in the RequestMacroChain handler to ensure only macro block hashes are accepted in the locator list, preventing the panic condition.
No known workarounds exist other than upgrading to the fixed version.