CVE-2026-46540
Status: Received - Intake
Light Client Chain Stalling in Nimiq

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: GitHub, Inc.

Description
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch() adopts a fork chain whose tip is a macro block (checkpoint or election), it only updates self.head but fails to update self.macro_head, self.election_head, self.current_validators, or store the election header in the chain_store. This is in direct contrast with the full Blockchain::rebranch() at blockchain/src/blockchain/push.rs:504-518, which correctly updates all macro/election state when the new head is a macro block. After a rebranch to a macro block, the stale macro_head causes subsequent macro blocks pushed via push() to be verified against the wrong predecessor via verify_macro_successor(&this.macro_head). If the rebranch target was an election block, the stale current_validators causes every subsequent block to fail verify_validators(), completely stalling the light client's chain progression. This issue has been patched in version 1.4.0.
CVSS Scores: none listed
EPSS Scores: not evaluated (N/A)
Affected Vendors & Products (2 associated CPEs)

Vendor   Product             Version / Range
nimiq    core-rs-albatross   all versions before 1.4.0 (1.4.0 excluded)
nimiq    light-blockchain    all versions before 1.4.0 (1.4.0 excluded)
CWE
CWE ID: CWE-841 (Improper Enforcement of Behavioral Workflow)
Description: The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence.
AI Quick Actions
Executive Summary

This vulnerability is in the Rust implementation of the Nimiq Proof-of-Stake protocol, specifically in LightBlockchain::rebranch() prior to version 1.4.0. When the function adopts a fork chain whose tip is a macro block (a checkpoint or an election block), it updates only the chain head (self.head). It does not update self.macro_head, self.election_head, or self.current_validators, and it does not store the election header in the chain_store, whereas the full Blockchain::rebranch() performs all of these updates when the new head is a macro block.

Because of this incomplete update, subsequent macro blocks are verified against an outdated macro_head, causing incorrect verification. If the rebranch target was an election block, the stale current_validators cause every subsequent block to fail validator verification, which stalls the light client's chain progression.

This issue was fixed in version 1.4.0 by correcting the rebranch logic to properly update all relevant macro and election state variables.
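
The description and this summary both turn on one missing state update. The following Rust model is an added example, not Nimiq's code: the state fields and checks (head, macro_head, election_head, current_validators, chain_store, verify_validators, verify_macro_successor) are named after the advisory, while the header layout, the hashes and the validator ids are constructed. It runs the same two scenarios the description names, a fork tip that is an election block and a fork tip that is a checkpoint, once with a rebranch that only moves `head` and once with a rebranch that does the full macro/election bookkeeping.

```rust
// Added model of the state-update bug behind CVE-2026-46540; not Nimiq's code.
// Field and check names follow the advisory; header layout and values are constructed.
use std::collections::HashMap;

#[derive(Clone, Debug, PartialEq)]
enum Kind {
    Micro,
    Checkpoint,         // macro block that keeps the current validator set
    Election(Vec<u32>), // macro block that installs a new validator set
}

#[derive(Clone, Debug)]
struct Header {
    hash: u64,
    parent_macro: u64, // macro block this header claims to succeed
    signers: Vec<u32>, // validator set that produced it (stand-in for signature checks)
    kind: Kind,
}

fn hdr(hash: u64, parent_macro: u64, signers: &[u32], kind: Kind) -> Header {
    Header { hash, parent_macro, signers: signers.to_vec(), kind }
}

#[derive(Debug, PartialEq)]
enum PushError { WrongMacroPredecessor, WrongValidators }

struct LightChain {
    head: Header,
    macro_head: Header,
    election_head: Header,
    current_validators: Vec<u32>,
    chain_store: HashMap<u64, Header>,
}

impl LightChain {
    fn new(genesis: Header) -> Self {
        let validators = match &genesis.kind { Kind::Election(v) => v.clone(), _ => panic!("genesis must be an election block") };
        let chain_store = HashMap::from([(genesis.hash, genesis.clone())]);
        LightChain { head: genesis.clone(), macro_head: genesis.clone(), election_head: genesis, current_validators: validators, chain_store }
    }
    fn verify_validators(&self, h: &Header) -> Result<(), PushError> {
        if h.signers == self.current_validators { Ok(()) } else { Err(PushError::WrongValidators) }
    }
    fn verify_macro_successor(&self, h: &Header) -> Result<(), PushError> {
        if h.parent_macro == self.macro_head.hash { Ok(()) } else { Err(PushError::WrongMacroPredecessor) }
    }
    // Bookkeeping every head move must perform (what the full Blockchain::rebranch does).
    fn update_heads(&mut self, h: Header) {
        if h.kind != Kind::Micro {
            self.macro_head = h.clone();
            if let Kind::Election(v) = &h.kind {
                self.current_validators = v.clone();
                self.election_head = h.clone();
            }
        }
        self.head = h;
    }
    fn push(&mut self, h: Header) -> Result<(), PushError> {
        self.verify_validators(&h)?;
        if h.kind != Kind::Micro { self.verify_macro_successor(&h)?; }
        self.chain_store.insert(h.hash, h.clone());
        self.update_heads(h);
        Ok(())
    }
    fn rebranch(&mut self, fork: Vec<Header>, fixed: bool) {
        let tip = fork.last().expect("non-empty fork").clone();
        for h in fork { self.chain_store.insert(h.hash, h); }
        // Pre-1.4.0 behaviour: only `head` follows the fork tip, macro/election state goes stale.
        // Fixed behaviour: the fork tip gets the same bookkeeping as a pushed block.
        if fixed { self.update_heads(tip) } else { self.head = tip }
    }
    fn heads(&self) -> (u64, u64, u64) { (self.head.hash, self.macro_head.hash, self.election_head.hash) }
}

// Follow one micro block, rebranch onto a one-block fork whose tip has `tip_kind`, then push `next`.
fn rebranch_then_push(fixed: bool, tip_kind: Kind, next: Header) -> Result<(u64, u64, u64), PushError> {
    let set: [u32; 3] = [1, 2, 3];
    let mut chain = LightChain::new(hdr(0x00, 0x00, &set, Kind::Election(set.to_vec())));
    chain.push(hdr(0x10, 0x00, &set, Kind::Micro))?;
    let fork = vec![hdr(0x11, 0x00, &set, tip_kind)];
    chain.rebranch(fork, fixed);
    chain.push(next)?;
    Ok(chain.heads())
}

// Fork tip is an election block installing validators 4,5,6; the next block is signed by them.
fn election_case(fixed: bool) -> Result<(u64, u64, u64), PushError> {
    rebranch_then_push(fixed, Kind::Election(vec![4, 5, 6]), hdr(0x20, 0x11, &[4, 5, 6], Kind::Micro))
}

// Fork tip is a checkpoint; the next macro block names it as its macro predecessor.
fn checkpoint_case(fixed: bool) -> Result<(u64, u64, u64), PushError> {
    rebranch_then_push(fixed, Kind::Checkpoint, hdr(0x21, 0x11, &[1, 2, 3], Kind::Checkpoint))
}

fn main() {
    for fixed in [false, true] {
        println!("fixed={fixed}: election {:?}, checkpoint {:?}", election_case(fixed), checkpoint_case(fixed));
    }
}
```

With `fixed = false` the election case fails on verify_validators for the very first block after the rebranch, because current_validators still holds the old set, and the checkpoint case fails on verify_macro_successor because macro_head still points at genesis; with `fixed = true` both pushes succeed and the reported heads follow the fork. The model deliberately keeps verification trivial (set equality and a hash comparison) so that the only difference between the two runs is the bookkeeping in `rebranch`.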

Impact Analysis

The vulnerability can impact users by causing the light client to stall its chain progression. This happens because after a rebranch to a macro block, the system verifies subsequent macro blocks against an outdated macro_head, leading to verification failures.

If the rebranch target was an election block, the stale current_validators cause every subsequent block to fail validator verification, effectively halting the light client's ability to progress on the blockchain.

The effect is primarily on availability: the light client stops following the chain. Its view of consensus state is also wrong, because macro_head and current_validators still describe the abandoned branch rather than the adopted one. The description names no attacker capability beyond the triggering condition itself, a rebranch whose adopted tip is a macro block.

Detection Guidance

Detection starts with inventory: identify deployments of the Nimiq light-blockchain Rust package at any release before 1.4.0 (the advisory names versions up to v1.3.0).

Because the stale state is only produced by a rebranch, the runtime signal is a light client that stops advancing immediately after a fork switch: in the election-block case every subsequent block is rejected by verify_validators, and in the checkpoint case subsequent macro blocks are rejected by verify_macro_successor. The exact log messages emitted for these rejections depend on the client's logging and are not quoted in the available resources.

Specific commands to detect the vulnerability are not provided in the available resources.
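
As an added check that is not part of the advisory, the Rust program below scans a Cargo.lock for the light-blockchain crate and flags any locked version below 1.4.0. The crate name `nimiq-light-blockchain` is an assumption (the core-rs-albatross repository names its crates `nimiq-<directory>`); the lockfile excerpt is constructed. The version comparison treats a pre-release such as `1.4.0-rc.1` as older than the fix, and any version it cannot parse is reported as vulnerable rather than silently passed.

```rust
// Added dependency check for CVE-2026-46540; not from the advisory.
// Assumption: the light-blockchain crate is published as "nimiq-light-blockchain".
const CRATE_NAME: &str = "nimiq-light-blockchain";
// (major, minor, patch, is_release): a pre-release such as 1.4.0-rc.1 sorts below 1.4.0.
const FIXED: (u64, u64, u64, bool) = (1, 4, 0, true);

fn parse_version(v: &str) -> Option<(u64, u64, u64, bool)> {
    let no_build = v.split('+').next()?; // build metadata never affects ordering
    let mut parts = no_build.splitn(2, '-');
    let core = parts.next()?;
    let is_release = parts.next().is_none();
    let mut n = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((n.next()??, n.next()??, n.next()??, is_release))
}

fn is_vulnerable(version: &str) -> Option<bool> {
    parse_version(version).map(|v| v < FIXED)
}

// Every version locked for CRATE_NAME (a lockfile can pin a crate more than once).
fn locked_versions(lock: &str) -> Vec<String> {
    let mut out = Vec::new();
    let mut in_target = false;
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            in_target = false;
        } else if let Some(name) = line.strip_prefix("name = ") {
            in_target = name.trim_matches('"') == CRATE_NAME;
        } else if let (true, Some(ver)) = (in_target, line.strip_prefix("version = ")) {
            out.push(ver.trim_matches('"').to_string());
            in_target = false;
        }
    }
    out
}

// (version, vulnerable) per locked copy; an unparsable version is reported as vulnerable.
fn audit(lock: &str) -> Vec<(String, bool)> {
    locked_versions(lock)
        .into_iter()
        .map(|v| { let vuln = is_vulnerable(&v).unwrap_or(true); (v, vuln) })
        .collect()
}

// Constructed lockfile excerpt used when no Cargo.lock is present in the working directory.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "nimiq-blockchain"
version = "1.3.0"

[[package]]
name = "nimiq-light-blockchain"
version = "1.3.0"

[[package]]
name = "serde"
version = "1.0.200"
"#;

fn main() {
    let lock = std::fs::read_to_string("Cargo.lock").unwrap_or_else(|_| SAMPLE_LOCK.to_string());
    let findings = audit(&lock);
    if findings.is_empty() {
        println!("{CRATE_NAME} is not in the lockfile");
    }
    for (v, vuln) in findings {
        println!("{CRATE_NAME} {v}: {}", if vuln { "VULNERABLE (< 1.4.0)" } else { "ok" });
    }
}
```

Run it from the directory holding the Cargo.lock of the binary you deploy; for a quick manual check, `cargo tree -i nimiq-light-blockchain` shows whether and at which version the crate is pulled in (under the same crate-name assumption).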

Mitigation Strategies

The immediate mitigation step is to upgrade the Nimiq light-blockchain Rust package to version 1.4.0 or later, where the rebranch logic has been fixed to correctly update all macro/election state variables.

This patch resolves the issue by ensuring that after a rebranch to a macro block, the macro_head, election_head, current_validators, and election header in the chain_store are properly updated, preventing stalled chain progression and incorrect block verification.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
