CVE-2026-46539
Status: Received - Intake
Logic Flaw in Nimiq BlockInclusionProof Verification

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: GitHub, Inc.

Description
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven causes the function to return true without performing any cryptographic verification when get_interlink_hops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election head's epoch. An attacker providing transaction inclusion proofs can forge a MacroBlock header for that epoch position and have it accepted as "proven" without any hash or signature verification. This issue has been patched in version 1.4.0.
Affected Vendors & Products
1 associated CPE
Vendor: nimiq
Product: nimiq_primitives
Version / Range: up to and including 1.3.0
CWE
CWE-345: The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
AI Quick Actions
Compliance Impact

This vulnerability allows an attacker to forge a MacroBlock header without cryptographic verification, potentially compromising the integrity of the blockchain data.

While the CVE description and resources indicate a moderate severity with a CVSS score of 5.9 due to integrity compromise, there is no explicit information on how this affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

The advisory ships no detection signature, log pattern or command for this flaw. The practical check is the version of the nimiq-primitives crate in the deployed build: any version at or below 1.3.0 (for example, as recorded in the application's Cargo.lock) is affected, and 1.4.0 or later carries the fix.

Executive Summary

This vulnerability is a logic flaw in the BlockInclusionProof::is_block_proven function of the Nimiq Rust implementation of the Proof-of-Stake protocol. Specifically, when the get_interlink_hops function returns an empty hop list (which happens when the target block is the election block immediately before the election head's epoch), the function incorrectly returns true without performing any cryptographic verification.

An attacker can exploit this flaw by providing a forged MacroBlock header for that epoch position, which will be accepted as "proven" without any hash or signature verification, potentially compromising the integrity of the blockchain data.

This issue affects versions up to 1.3.0 and was patched in version 1.4.0.
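The control-flow flaw described in the Description and Executive Summary above, as an added example written for this page rather than Nimiq's own code: MacroHeader, InclusionProof, is_block_proven_vulnerable and is_block_proven_fixed are hypothetical stand-ins, the interlink structure is collapsed to a single parent_election_hash link between consecutive election blocks, the hash is FNV-1a instead of the real block hash, and the chain built by sample_chain is constructed. The vulnerable variant returns true on an empty hop list before comparing anything; the fixed variant verifies the head-to-target link whether or not intermediate hops exist.

```rust
// Added illustration for this page, not Nimiq code. All names are hypothetical
// stand-ins; the interlink is simplified to one parent_election_hash link.

/// Stand-in for a macro (election) block header.
#[derive(Clone, Debug, PartialEq)]
pub struct MacroHeader {
    pub epoch: u32,
    /// Hash of the previous election block; zero for the first one.
    pub parent_election_hash: u64,
    pub state_root: u64,
}

impl MacroHeader {
    /// FNV-1a over the header fields: a non-cryptographic stand-in for the real
    /// block hash, since the verifier's control flow is the point here.
    pub fn hash(&self) -> u64 {
        let mut bytes = Vec::with_capacity(20);
        bytes.extend_from_slice(&self.epoch.to_le_bytes());
        bytes.extend_from_slice(&self.parent_election_hash.to_le_bytes());
        bytes.extend_from_slice(&self.state_root.to_le_bytes());
        bytes
            .iter()
            .fold(0xcbf29ce484222325u64, |h, &b| (h ^ u64::from(b)).wrapping_mul(0x100000001b3))
    }

    /// Election block for the next epoch, linked to `self` by hash.
    pub fn next(&self, state_root: u64) -> MacroHeader {
        MacroHeader { epoch: self.epoch + 1, parent_election_hash: self.hash(), state_root }
    }
}

/// Claim that `target` is an earlier election block on the chain ending at `election_head`.
pub struct InclusionProof {
    pub election_head: MacroHeader,
    /// Election blocks strictly between head and target, newest first.
    /// Empty exactly when `target` sits in the epoch immediately before the head.
    pub hops: Vec<MacroHeader>,
    pub target: MacroHeader,
}

/// One link check: `child` must name `parent` by hash and by epoch adjacency.
fn links_to(child: &MacroHeader, parent: &MacroHeader) -> bool {
    child.parent_election_hash == parent.hash() && child.epoch == parent.epoch + 1
}

/// Walks head -> hops -> target, checking every link including the final one.
fn walk(proof: &InclusionProof) -> bool {
    let mut current = &proof.election_head;
    for hop in &proof.hops {
        if !links_to(current, hop) {
            return false;
        }
        current = hop;
    }
    links_to(current, &proof.target)
}

/// Models the pre-1.4.0 behaviour the advisory describes: an empty hop list is
/// mistaken for "nothing left to verify" and the target is accepted unchecked.
pub fn is_block_proven_vulnerable(proof: &InclusionProof) -> bool {
    if proof.hops.is_empty() {
        return true; // no hash comparison, no epoch check, no signature check
    }
    walk(proof)
}

/// Hardened variant: the head-to-target link is verified in every case.
pub fn is_block_proven_fixed(proof: &InclusionProof) -> bool {
    walk(proof)
}

/// Constructed sample chain of three election blocks (epochs 0, 1, 2).
pub fn sample_chain() -> Vec<MacroHeader> {
    let e0 = MacroHeader { epoch: 0, parent_election_hash: 0, state_root: 0x1111 };
    let e1 = e0.next(0x2222);
    let e2 = e1.next(0x3333);
    vec![e0, e1, e2]
}

/// Attacker-controlled header claiming epoch 1 with a different state root;
/// nothing on the honest chain references its hash.
pub fn forged_predecessor(chain: &[MacroHeader]) -> MacroHeader {
    let mut forged = chain[1].clone();
    forged.state_root = 0xdead;
    forged
}

/// Returns (vulnerable_accepts_forgery, fixed_accepts_forgery, fixed_accepts_genuine).
pub fn demo() -> (bool, bool, bool) {
    let chain = sample_chain();
    let head = chain[2].clone();
    let forged = InclusionProof { election_head: head.clone(), hops: vec![], target: forged_predecessor(&chain) };
    let genuine = InclusionProof { election_head: head, hops: vec![], target: chain[1].clone() };
    (is_block_proven_vulnerable(&forged), is_block_proven_fixed(&forged), is_block_proven_fixed(&genuine))
}

fn main() {
    let (v, f, g) = demo();
    println!("vulnerable verifier accepts forged header: {}", v);
    println!("fixed verifier accepts forged header:      {}", f);
    println!("fixed verifier accepts genuine header:     {}", g);
}
```

The only thing the fix changes is that the last link, the head's parent_election_hash against target.hash() plus the epoch adjacency, is checked even when no intermediate hops are needed: an empty hop list means there is exactly one link to verify, not zero.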

Impact Analysis

Any component that relies on is_block_proven to validate transaction inclusion proofs accepts a forged MacroBlock header at the affected epoch position without any hash or signature verification. Because the forged header is then trusted, an inclusion proof built on it can vouch for a transaction the chain never contained.

Since the flaw bypasses the cryptographic checks that give the proof its meaning, it undermines the integrity guarantees of any data derived from such proofs and the trust placed in the blockchain's correctness.

Mitigation Strategies

The vulnerability has been patched in version 1.4.0 of the nimiq-primitives package.

To mitigate this vulnerability, you should upgrade your Nimiq implementation to version 1.4.0 or later.

No workarounds are available for this issue.
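A version check written for this page as an added example (not a Nimiq tool), serving the Detection Guidance and Mitigation sections above: it walks a Cargo.lock, picks out the nimiq-primitives crate and flags any version below 1.4.0, the fix version the advisory names. The lockfile returned by sample_lock is constructed, and the [[package]] walker only understands the name and version lines a Cargo.lock emits; pre-release versions sort below their release.

```rust
// Added example for this page, not part of the Nimiq project: scans a Cargo.lock
// for nimiq-primitives and reports versions below the 1.4.0 fix.

/// First fixed version, as (major, minor, patch, is_release).
pub const FIXED: (u64, u64, u64, u8) = (1, 4, 0, 1);

/// Parses "MAJOR.MINOR.PATCH[-pre][+build]". The fourth field is 0 for a
/// pre-release and 1 for a release, so tuple ordering matches semver precedence.
pub fn parse_semver(v: &str) -> Option<(u64, u64, u64, u8)> {
    let no_build = v.split('+').next()?;
    let mut halves = no_build.splitn(2, '-');
    let core = halves.next()?;
    let release: u8 = if halves.next().is_some() { 0 } else { 1 };
    let mut it = core.split('.');
    let major: u64 = it.next()?.parse().ok()?;
    let minor: u64 = it.next()?.parse().ok()?;
    let patch: u64 = it.next()?.parse().ok()?;
    Some((major, minor, patch, release))
}

/// Minimal [[package]] walker over Cargo.lock: returns (name, version) pairs.
pub fn lock_packages(lock: &str) -> Vec<(String, String)> {
    let mut out = Vec::new();
    let (mut name, mut version) = (None::<String>, None::<String>);
    for raw in lock.lines() {
        let line = raw.trim();
        if line == "[[package]]" {
            // Flush the previous entry; a stray top-level `version = 3` has no name and is dropped.
            if let (Some(n), Some(v)) = (name.take(), version.take()) {
                out.push((n, v));
            }
            continue;
        }
        if let Some(rest) = line.strip_prefix("name = ") {
            name = Some(rest.trim_matches('"').to_string());
        } else if let Some(rest) = line.strip_prefix("version = ") {
            version = Some(rest.trim_matches('"').to_string());
        }
    }
    if let (Some(n), Some(v)) = (name, version) {
        out.push((n, v));
    }
    out
}

/// Versions of nimiq-primitives in the lockfile that are still affected (< 1.4.0).
/// A version string that does not parse is flagged so a human looks at it.
pub fn affected_nimiq_primitives(lock: &str) -> Vec<String> {
    lock_packages(lock)
        .into_iter()
        .filter(|(n, _)| n.as_str() == "nimiq-primitives")
        .filter(|(_, v)| parse_semver(v).map_or(true, |sv| sv < FIXED))
        .map(|(_, v)| v)
        .collect()
}

/// Constructed sample lockfile: one affected and one patched copy of the crate.
pub fn sample_lock() -> &'static str {
    r#"
# This file is automatically @generated by Cargo.
version = 3

[[package]]
name = "nimiq-primitives"
version = "1.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "serde",
]

[[package]]
name = "nimiq-primitives"
version = "1.4.0"

[[package]]
name = "serde"
version = "1.0.200"
"#
}

fn main() {
    // Swap sample_lock() for std::fs::read_to_string("Cargo.lock") on a real tree.
    let affected = affected_nimiq_primitives(sample_lock());
    if affected.is_empty() {
        println!("no affected nimiq-primitives versions found");
    } else {
        println!("affected nimiq-primitives versions: {:?}", affected);
    }
}
```

Run it against the lockfile of the binary actually deployed, not only the workspace root: a vendored or pinned copy in a sub-crate is what the scan is meant to catch.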
