CVE-2026-40092
Deferred Deferred - Pending Action
Denial of Service in Nimiq Blockchain Storage

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: GitHub, Inc.

Description
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned<ValidatorRecord, KeyPair> with a signature field whose byte length is not exactly 64 in order to cause a crash. When the victim node's DHT verifier calls TaggedSigned::verify, execution reaches Ed25519Signature::from_bytes(sig).unwrap() in the TaggedPublicKey implementation for Ed25519PublicKey. The from_bytes call fails because ed25519_zebra::Signature::try_from rejects slices not 64 bytes, and the unwrap() panics. The BLS TaggedPublicKey implementation correctly returns false on error; only the Ed25519 implementation panics. This issue has been fixed in version 1.4.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-20
Last Modified
2026-05-20
Generated
2026-06-10
AI Q&A
2026-05-21
EPSS Evaluated
2026-06-08
NVD
CVE-2026-40092
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
nimiq nimiq-blockchain to 1.4.0 (exc)
nimiq nimiq-blockchain 1.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-252 The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the nimiq-blockchain software versions 1.3.0 and below. A malicious network peer can crash any Nimiq full node by publishing a specially crafted Kademlia DHT record. The crafted record contains a TaggedSigned object with a signature field that does not have the required 64-byte length. When the victim node attempts to verify this record, the verification process calls a function that expects a 64-byte signature. Because the signature length is incorrect, the function panics and crashes the node. This issue occurs specifically in the Ed25519 signature verification implementation, which panics on invalid input, unlike the BLS implementation that handles errors gracefully. The vulnerability was fixed in version 1.4.0.

Impact Analysis

This vulnerability can cause denial of service by crashing any Nimiq full node that receives a maliciously crafted Kademlia DHT record. An attacker can exploit this to disrupt the operation of nodes, potentially affecting network stability and availability.

Mitigation Strategies

The vulnerability has been fixed in nimiq-blockchain version 1.4.0. The immediate step to mitigate this vulnerability is to upgrade your Nimiq full node to version 1.4.0 or later.

Detection Guidance

This vulnerability causes a crash (panic) in Nimiq full nodes when they receive a crafted Kademlia DHT record containing an Ed25519 signature with an invalid length (not exactly 64 bytes). Detection can focus on monitoring node crashes or panics related to signature verification failures.

Since the crash occurs during the processing of DHT records, you can detect attempts by monitoring logs for panics or crashes in the TaggedPublicKey::verify function or related Ed25519 signature verification errors.

There are no specific commands provided in the resources or CVE description for detecting this vulnerability directly on the network or system.

A practical approach is to update to version 1.4.0 or later, which fixes the issue by handling invalid signature lengths gracefully without panicking.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40092. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart