CVE-2026-46545
Status: Received - Intake
MerkleRadixTrie::put_chunk DoS in Nimiq

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: GitHub, Inc.

Description
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::put_chunk allows any state-sync peer to crash any node performing state synchronization (freshly joining nodes and recovering nodes). This issue has been patched in version 1.5.0.
Meta Information
Published: 2026-06-10
Last Modified: 2026-06-10
Generated: 2026-06-10
AI Q&A: 2026-06-10
EPSS Evaluated: N/A
Affected Vendors & Products (2 associated CPEs)
Vendor | Product           | Version / Range
nimiq  | core-rs-albatross | 1.5.0
nimiq  | nimiq-primitives  | to 1.5.0 (exc)
CWE
CWE-248 (Uncaught Exception): An exception is thrown from a function, but it is not caught.
Executive Summary

CVE-2026-46545 is a remotely triggerable denial-of-service vulnerability in Nimiq's core-rs-albatross implementation, affecting versions before 1.5.0. It lies in MerkleRadixTrie::put_chunk, the routine that applies state-sync chunks received from peers: an unauthenticated peer can answer a sync request with a crafted chunk that crashes any node performing state synchronization.

The attack works by sending a ResponseChunk containing a TrieItem whose key is the empty (ROOT) key. The chunk passes the existing chunk validation, but a value cannot be stored at the root node, and the attempt to do so panics and aborts the node process. The underlying defect, reflected in the CWE-248 classification, is that a panic guards an internal invariant that peer-supplied data is able to violate.

This vulnerability impacts nodes syncing state from untrusted peers, such as fresh nodes joining the network or nodes recovering from data loss. Honest nodes do not generate such ROOT-keyed items, so non-syncing operations are unaffected.
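The shape of the bug, as an added illustration that is not Nimiq's code: a toy trie-like store whose put path asserts an internal invariant (no value at the root) that a peer-supplied chunk can violate, next to a variant that validates the whole chunk first and returns an error instead of panicking. The names TrieItem, ChunkError, ToyTrie, put_chunk_unchecked, put_chunk_checked and validate_chunk, and the sample chunks, are assumptions of this example and not the project's real API or data.

```rust
// Added illustration (not Nimiq's code): a minimal key/value store standing in for
// the radix trie, reproducing the class of bug described in the advisory.
// All names here are assumptions for this example, not the project's real API.

use std::collections::BTreeMap;

/// One key/value pair carried in a state-sync chunk. An empty key is the ROOT key.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct TrieItem {
    pub key: Vec<u8>,
    pub value: Vec<u8>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum ChunkError {
    /// A peer tried to store a value under the ROOT key.
    RootKey { index: usize },
    /// Keys must be strictly increasing within a chunk.
    Unsorted { index: usize },
}

/// Toy stand-in for the trie: the root holds no value, only leaves are stored.
#[derive(Default)]
pub struct ToyTrie {
    leaves: BTreeMap<Vec<u8>, Vec<u8>>,
}

impl ToyTrie {
    /// Vulnerable pattern: "no value at the root" is treated as an internal
    /// invariant (assert) although the key comes straight from a remote peer.
    fn put_unchecked(&mut self, item: &TrieItem) {
        assert!(!item.key.is_empty(), "cannot store a value at the ROOT node");
        self.leaves.insert(item.key.clone(), item.value.clone());
    }

    /// Vulnerable shape: trusts the peer-supplied chunk and panics on a ROOT-keyed item.
    pub fn put_chunk_unchecked(&mut self, chunk: &[TrieItem]) {
        for item in chunk {
            self.put_unchecked(item);
        }
    }

    /// Hardened shape: validate the whole chunk before touching state, so a
    /// malicious peer gets an Err (and can be disconnected) rather than a crash.
    pub fn put_chunk_checked(&mut self, chunk: &[TrieItem]) -> Result<usize, ChunkError> {
        validate_chunk(chunk)?;
        for item in chunk {
            self.leaves.insert(item.key.clone(), item.value.clone());
        }
        Ok(self.leaves.len())
    }

    pub fn len(&self) -> usize {
        self.leaves.len()
    }
}

/// Rejects ROOT-keyed items and enforces strictly increasing key order.
/// Note that an empty key sorts first, so an order check alone does not catch it.
pub fn validate_chunk(chunk: &[TrieItem]) -> Result<(), ChunkError> {
    for (i, item) in chunk.iter().enumerate() {
        if item.key.is_empty() {
            return Err(ChunkError::RootKey { index: i });
        }
        if i > 0 && chunk[i - 1].key >= item.key {
            return Err(ChunkError::Unsorted { index: i });
        }
    }
    Ok(())
}

/// Constructed sample: what an honest peer sends (sorted, non-root keys).
pub fn honest_chunk() -> Vec<TrieItem> {
    vec![
        TrieItem { key: vec![0x01], value: b"a".to_vec() },
        TrieItem { key: vec![0x02], value: b"b".to_vec() },
    ]
}

/// Constructed sample: a malicious chunk whose first item carries the ROOT key.
/// It is correctly sorted, so it survives an ordering check.
pub fn malicious_chunk() -> Vec<TrieItem> {
    vec![
        TrieItem { key: vec![], value: b"x".to_vec() },
        TrieItem { key: vec![0x01], value: b"a".to_vec() },
    ]
}

fn main() {
    let mut trie = ToyTrie::default();
    println!("honest:    {:?}", trie.put_chunk_checked(&honest_chunk()));
    println!("malicious: {:?}", trie.put_chunk_checked(&malicious_chunk()));
    // trie.put_chunk_unchecked(&malicious_chunk()) would panic here and take the process down.
}
```

The design point is that validation runs over the complete chunk before any state is written, so a rejected chunk leaves the store exactly as it was; a per-item check inside the write loop would leave a half-applied chunk behind.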

Impact Analysis

This vulnerability can cause denial-of-service by crashing any node performing state synchronization in the Nimiq network. This includes nodes that are freshly joining or recovering from data loss.

An attacker can remotely and without authentication send malicious chunks that cause the node's process to abort, disrupting the node's ability to sync and participate in the network.

There are no safe in-process workarounds, so affected nodes must upgrade to version 1.5.0 or later to mitigate the issue.

Detection Guidance

There is no indicator for this issue beyond the crash itself: a node performing state synchronization that panics while applying a ResponseChunk, in particular one containing a TrieItem.key equal to the empty (ROOT) key, is the signal to look for.

In practice that means watching the node's own logs for panics attributed to trie.rs or MerkleRadixTrie::put_chunk, and watching the process for unexpected exits or restart loops while it is syncing. Inspecting chunk contents on the wire is only possible where the peer transport is unencrypted; on an encrypted transport a packet capture shows which peers a syncing node was talking to when it died, not the chunk payload.

Specific commands are not provided in the resources, but general approaches include:

  • Check node logs for panic or crash messages that reference trie.rs or MerkleRadixTrie::put_chunk, and note which peer the node was receiving chunks from at the time.
  • Use process monitoring tools (e.g., systemctl status, journalctl, or docker logs) to detect unexpected node exits or restart loops that coincide with state synchronization.
  • Where the peer transport is unencrypted, use packet capture tools (e.g., tcpdump or Wireshark) to isolate ResponseChunk payloads carrying an empty key; otherwise use the capture only to identify the peers involved.
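A log-side check of the kind described above, as an added example that is not Nimiq's code or tooling: it walks a node log in order, remembers the peer named in the most recent ResponseChunk line, and attaches that peer to any panic that references the trie code path, so a crash can be attributed to the peer that was serving chunks. The log format, the "node starting" restart marker and the peer identifiers are constructed for this example and must be adapted to the real node's output.

```rust
// Added illustration, not Nimiq's code or tooling: attributes trie panics in a
// node log to the peer the node was last receiving chunks from.
// The log line formats matched below are constructed for this example.

#[derive(Debug, PartialEq, Eq)]
pub struct CrashFinding {
    /// 1-based line number of the panic line in the log.
    pub line_no: usize,
    /// Source file named in the panic message (e.g. "trie.rs").
    pub location: String,
    /// Peer named in the most recent ResponseChunk line before the panic, if any.
    pub last_chunk_peer: Option<String>,
}

/// Returns one finding per panic line that mentions the trie code path.
pub fn scan_node_log(lines: &[&str]) -> Vec<CrashFinding> {
    let mut last_peer: Option<String> = None;
    let mut findings = Vec::new();

    for (i, line) in lines.iter().enumerate() {
        // Constructed format: "... received ResponseChunk from peer <id> ..."
        if let Some(rest) = line.split("ResponseChunk from peer ").nth(1) {
            last_peer = rest.split_whitespace().next().map(str::to_string);
        }

        // Rust's default panic hook prints "panicked at <file>:<line>:<col>:".
        let is_panic = line.contains("panicked at");
        let in_trie = line.contains("trie.rs") || line.contains("put_chunk");
        if is_panic && in_trie {
            let location = line
                .split("panicked at ")
                .nth(1)
                .and_then(|s| s.split(':').next())
                .unwrap_or("unknown")
                .to_string();
            findings.push(CrashFinding {
                line_no: i + 1,
                location,
                last_chunk_peer: last_peer.clone(),
            });
        }

        // Constructed restart marker: after the process comes back, earlier
        // chunk lines no longer explain anything, so drop the attribution.
        if line.contains("node starting") {
            last_peer = None;
        }
    }
    findings
}

/// Constructed sample log (not real Nimiq output); peer ids are placeholders.
pub fn sample_log() -> Vec<&'static str> {
    vec![
        "2026-06-10T12:00:01Z INFO  node starting, state sync required",
        "2026-06-10T12:00:02Z DEBUG received ResponseChunk from peer 12D3KooWexample1 items=512",
        "2026-06-10T12:00:02Z DEBUG applied chunk, 512 items",
        "2026-06-10T12:00:03Z DEBUG received ResponseChunk from peer 12D3KooWexample2 items=1",
        "thread 'tokio-runtime-worker' panicked at trie.rs:123:45:",
        "cannot store a value at the ROOT node",
        "2026-06-10T12:00:10Z INFO  node starting, state sync required",
    ]
}

fn main() {
    for finding in scan_node_log(&sample_log()) {
        println!("{:?}", finding);
    }
}
```

Attribution by "last chunk seen" is a heuristic: with several sync streams in flight the guilty peer may not be the last one logged, so treat the result as a lead for peer-level investigation, not as proof.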
Mitigation Strategies

The primary mitigation step is to upgrade the Nimiq core-rs-albatross implementation to version 1.5.0 or later, where the vulnerability has been patched.

There are no safe in-process workarounds available to prevent the crash caused by malicious chunks.

After upgrading, syncing state only from trusted peers where the deployment allows it further reduces exposure to crafted chunks, but this is a defence-in-depth measure for a message that any state-sync peer can send, not a substitute for the upgrade.

Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
