CVE-2026-34069
Received Received - Intake
Panic Vulnerability in nimiq/core-rs-albatross RequestMacroChain Handler

Publication date: 2026-04-14

Last updated on: 2026-04-24

Assigner: GitHub, Inc.

Description
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the first locator hash on the victim’s main chain is a micro block hash (not a macro block hash) causes said panic. The RequestMacroChain::handle handler selects the locator based only on "is on main chain", then calls get_macro_blocks() and panics via .unwrap() when the selected hash is not a macro block (BlockchainError::BlockIsNotMacro). This issue has been fixed in version 1.3.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-14
Last Modified
2026-04-24
Generated
2026-06-16
AI Q&A
2026-04-14
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34069
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nimiq nimiq_proof-of-stake to 1.3.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

The vulnerability in CVE-2026-34069 occurs in the Nimiq core-rs-albatross blockchain implementation, specifically in the RequestMacroChain message handler. An unauthenticated peer can send a RequestMacroChain message containing a locator list where the first hash is a micro block hash instead of the expected macro block hash. The handler incorrectly accepts any on-chain block hash without verifying its type and then calls a function that expects only macro block hashes. This causes a panic because the function cannot handle micro block hashes, leading to an unhandled assertion failure.

The issue was fixed by adding a validation step that ensures only macro block hashes are accepted in the locator list. If a micro block hash is encountered, it is skipped, preventing the panic condition.

Impact Analysis

This vulnerability allows an unauthenticated remote attacker to cause a denial of service by crashing the RequestMacroChain message handler task. The panic triggered by sending a micro block hash instead of a macro block hash causes the application to fail unexpectedly, potentially disrupting the normal operation of the blockchain node.

The impact is limited to availability, with no effect on confidentiality or integrity, and the severity is rated as moderate with a CVSS base score of 5.3.

Detection Guidance

This vulnerability can be detected by monitoring for panic crashes in the RequestMacroChain message handler of the nimiq/core-rs-albatross implementation when processing peer-to-peer messages.

Specifically, detection involves identifying RequestMacroChain messages that contain locator hashes where the first hash is a micro block hash instead of a macro block hash.

Since the vulnerability causes a panic when such a message is processed, observing application logs or crash reports for panics related to BlockchainError::BlockIsNotMacro or unhandled assertion failures in the RequestMacroChain handler can indicate exploitation attempts.

There are no explicit commands provided in the resources to detect this vulnerability on the network or system.

Mitigation Strategies

The immediate mitigation step is to upgrade the nimiq/core-rs-albatross or nimiq-consensus package to version 1.3.0 or later, where the vulnerability has been fixed.

The fix includes validation in the RequestMacroChain handler to ensure only macro block hashes are accepted in the locator list, preventing the panic condition.

No known workarounds exist other than upgrading to the fixed version.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34069. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart